-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 15 Aug 2024 23:51:02 +0200 Source: openssl Architecture: source Version: 3.0.14-1~deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Closes: 1068658 1071972 1072113 Changes: openssl (3.0.14-1~deb12u1) bookworm; urgency=medium . * Import 3.0.14 - CVE-2024-2511 (Unbounded memory growth with session handling in TLSv1.3) (Closes: #1068658). - CVE-2024-4603 (Excessive time spent checking DSA keys and parameters) (Closes: #1071972). - CVE-2024-4741 (Use After Free with SSL_free_buffers) (Closes: #1072113). Checksums-Sha1: 5c392cadce27d615f684c339c9cc036f0586c6db 2675 openssl_3.0.14-1~deb12u1.dsc 80b67212212a5ba81b071026d1ad851d6cbcca93 15305497 openssl_3.0.14.orig.tar.gz 31dbe278f6d86a380e6c73d58f58543d7ebacad2 833 openssl_3.0.14.orig.tar.gz.asc 95dd9539f1dc2fbe5f24569b920ace0bb73d0203 69364 openssl_3.0.14-1~deb12u1.debian.tar.xz Checksums-Sha256: 4d5c553aa0c03f3d3c95faedf6446736fc1b52e45c2c5a7686d60e5284a4f167 2675 openssl_3.0.14-1~deb12u1.dsc eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca 15305497 openssl_3.0.14.orig.tar.gz 251c0453a8ea7716cb6ce6cf67f8ca4ae48fbed97a924167ef8f271dd387033b 833 openssl_3.0.14.orig.tar.gz.asc 307e7aa3ae64599c46ccfbdb67e41d3648bb58879d77b413cbe9184a5f3d9f40 69364 openssl_3.0.14-1~deb12u1.debian.tar.xz Files: c2faa49dacd5c8aba779bf813c4b0828 2675 utils optional openssl_3.0.14-1~deb12u1.dsc e6fe71fb59a502db54a25cd0f34ea67e 15305497 utils optional openssl_3.0.14.orig.tar.gz c33eb94718076b0353c1331695b8d83a 833 utils optional openssl_3.0.14.orig.tar.gz.asc 1e4a47c3ba8c284026a3fb3541afb951 69364 utils optional openssl_3.0.14-1~deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAmbBEJAACgkQe5boFiqM 9dHVhA//U9Ku03SNjR5XxW8T2Nw0u3vWNLW2KFiUslJWArQ0Iyn7zJb1doARy4FE 9wcJGCZsI1H38asayZwQTzdq18llykfWM1VEeoxFUGXJrTnVGz+95LClxgl6c+h/ EUoLstlLWw054ognOZjIrI+0ZMQW9i5BLarQqtYGwK3zLwz0ocsvVvIMpZ8oaaDO h56xmbvA4h01Pi2KiOzJn2ZZEQwtNFAnAPw+cJlf0tbGne7d0B23KVEvD0dL2Pnd YGfZM7WBmqGecplpXo3gkVaCrBIIkpnPV/YIZqCoKvBysvHlDRI3OSXPzdGQLdO/ Wy4sjmVfi8UL7mscpYL6IMSxjz1Sk9n78IuAyk2inpyK3IpGOheasl9bB5PqO74z AtTZgL6ubLjJkHzUpBIJbDVzirK+0BxgdrlZcv9ERAH9cuNvSqDRWN4VfxBZ/jsp Ye66nUWqVLIlGfGPzaLvjbwzM2hkBYYhjYVKQgIjOxaZKouXJCGmbuVEXUju1GDU FZUvID2wF1VZ+Xlh4xhKdLEP2Ykntz1qh8sGtgzyvhDvTjr8HmcaD9WHbGQrvDir wI9hKPIALcKEc7Uf9Yqa1WxhY0/yeOEJRVJU0tp9Y808dCwRYzUTm2Gfq5dZR+3r XvdD+tKtPEeJsJ5QrCZDm+hEHVhSWAnDIF5l3FZ6Sb3KJRHxkUY= =gK1p -----END PGP SIGNATURE-----