Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted openssl 3.2.2-1 (source) into unstable
Date: Tue, 04 Jun 2024 21:36:28 +0000
Signed by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Jun 2024 18:23:45 +0200
Source: openssl
Architecture: source
Version: 3.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1068658 1071972 1072113
Changes:
 openssl (3.2.2-1) unstable; urgency=medium
 .
   * Import 3.2.2
     - CVE-2024-2511 (Unbounded memory growth with session handling in
       TLSv1.3). (Closes: #1068658).
     - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters)
       (Closes: #1071972).
     - CVE-2024-4741 (Use After Free with SSL_free_buffers)
       (Closes: #1072113).
Checksums-Sha1:
 ecd1a2343ff8a8b7fecdc31d2b10be922fe0734f 2482 openssl_3.2.2-1.dsc
 b12311372a0277ca0eb218a68a7fd9f5ce66d162 17744472 openssl_3.2.2.orig.tar.gz
 b106e3f747d4a30c01b60d72b8602be8579c460e 833 openssl_3.2.2.orig.tar.gz.asc
 91cf42d691b07fd16a27550bf6beeafac724fd36 66696 openssl_3.2.2-1.debian.tar.xz
Checksums-Sha256:
 0a8f3309b0119606f3fc23007401739504fa5505de98fc0d4c08a9cfc7b2d082 2482 openssl_3.2.2-1.dsc
 197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7 17744472 openssl_3.2.2.orig.tar.gz
 e236f8871cb18de290430e257dadd06732e7a4f8d8c6f8ffa6abb4686050ac51 833 openssl_3.2.2.orig.tar.gz.asc
 ec28f43520ef7fa49f13581c0aaa39086c606874ed10c0e27c4cf75b3d75f9f6 66696 openssl_3.2.2-1.debian.tar.xz
Files:
 cf065e469b67e7c1ea9b264abd7eccaa 2482 utils optional openssl_3.2.2-1.dsc
 68848a5aa5a4b4ef5c5374368b3ade6b 17744472 utils optional openssl_3.2.2.orig.tar.gz
 0c5139da0d7a3a9e1763d1d35e8a4669 833 utils optional openssl_3.2.2.orig.tar.gz.asc
 e9e6f9742b1333c8841d3d58dd4965a2 66696 utils optional openssl_3.2.2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmZfgj8ACgkQBWQfF1cS
+lujjAv/ZdN2xCksfP5Csula6IW9mrOTz1p0YpnZUncRUOiXkuHe0tTDY1eqIX/9
LrUQO40pQtApLO6O5ZrQLiqHybCL84dw0hhXONcgxPm+p4AwzTSbvQ3eeFBvwBQg
/BAuOZUaqV4BtfJYcLPZCvVBHL3F98oCzRBT5TiE/kMEy8/4S0/OSND+gS0ACsPm
tpaWCd9HTZCfqZw+y/YwmYGtw2tlAfshBZmYfIEXQiY+r/QaIQmuPrGlWpUqNpUM
KbhFODe2llzD+cq/+Rs3B4U+IupD4SbJ7xFRd6SL6BiytZx/llhX3KBNx5Aa9fUA
Hs+GoJRqT5L1Qt8u+cvqgyPpZ0kd+jKa9Ocpq3M8CYIZN/hcZSLBBRuRl+XLZQkO
D7lApH+vIzxrbNiefNc9jtCyY6ygODamxaFivk6AptluASm8Bcbccm3DDXVWQ9Ca
aJHjzqjZyaLuiHm+qjAfWLgtH72qHsPWnfoEJSwd3Myb1emN8Ek/OsS7miBorEW7
efW2lmrn
=Ror+
-----END PGP SIGNATURE-----

News for package openssl