-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 27 May 2008 11:13:44 +0200 Source: openssl Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg Architecture: source amd64 Version: 0.9.8g-10.1 Distribution: unstable Urgency: high Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Nico Golde <nion@debian.org> Description: libcrypto0.9.8-udeb - crypto shared library - udeb (udeb) libssl-dev - SSL development libraries, header files and documentation libssl0.9.8 - SSL shared libraries libssl0.9.8-dbg - Symbol tables for libssl and libcrypto openssl - Secure Socket Layer (SSL) binary and related cryptographic tools Closes: 483379 483379 Changes: openssl (0.9.8g-10.1) unstable; urgency=high . * Non-maintainer upload by the Security team. * Fix denial of service if the 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash (CVE-2008-1672; Closes: #483379). This only works if openssl is compiled with enable-tlsext which is done in Debian. * Fix double free in TLS server name extension which leads to a remote denial of service (CVE-2008-0891; Closes: #483379). Checksums-Sha1: 3f53fca87243ff7f1ec1392779c9a933d9254b83 1193 openssl_0.9.8g-10.1.dsc 6ae4560a758010d46b0a4256e17c0582dfda0666 52923 openssl_0.9.8g-10.1.diff.gz 8a25ad165246487f5650153078f9b2ae456351be 1031246 openssl_0.9.8g-10.1_amd64.deb 1f2c0c7f760529545007a7005963ea387213053b 951154 libssl0.9.8_0.9.8g-10.1_amd64.deb 3cffda31eaab4829a0b72428357fea3b14a785d5 617266 libcrypto0.9.8-udeb_0.9.8g-10.1_amd64.udeb 77b4edd39a7f2f49837399003df1451cb19e1e05 2220612 libssl-dev_0.9.8g-10.1_amd64.deb efac21bb7f183b5252b15a5ab7da66abdf3ddb71 1612692 libssl0.9.8-dbg_0.9.8g-10.1_amd64.deb Checksums-Sha256: c1227969267fec3e72b77a7fba9fbb7e355cb9c1a652bc0f7515f55c8b20a518 1193 openssl_0.9.8g-10.1.dsc ddde2ba28e940fbe99d98772f2ca1c425f1e73978e5f150939d560bea2ad040b 52923 openssl_0.9.8g-10.1.diff.gz 5816544ad6197f75d2b2a97ff1104f60730653de04ad8ce43c8d34ae1f54909b 1031246 openssl_0.9.8g-10.1_amd64.deb 2429626d9ca433e01001345c125d9244806eb8cc431015a4d6196e50dd337ae8 951154 libssl0.9.8_0.9.8g-10.1_amd64.deb 6054a80cc17b823a9039f24838301d84d6103da6b42cc59c2180608a6b89251b 617266 libcrypto0.9.8-udeb_0.9.8g-10.1_amd64.udeb 9183fda17e83a635192e4eb9f32664a0af8b0948e00ef9cdc375049504b58de8 2220612 libssl-dev_0.9.8g-10.1_amd64.deb c47e2225740b98c821a646cc3ea42bace39a6770237492b5589459e3e86381f5 1612692 libssl0.9.8-dbg_0.9.8g-10.1_amd64.deb Files: aa39077a394b8a2703c4460187e877c9 1193 utils optional openssl_0.9.8g-10.1.dsc d3afc44792abe1fbbf8281ffa6fbcbce 52923 utils optional openssl_0.9.8g-10.1.diff.gz 4c766c8c8134eee816435e12d6f15040 1031246 utils optional openssl_0.9.8g-10.1_amd64.deb 212f823095a2639b1baf1dc5278cad4d 951154 libs important libssl0.9.8_0.9.8g-10.1_amd64.deb 29bdc341387b0db7ae172fff19cff6ab 617266 debian-installer optional libcrypto0.9.8-udeb_0.9.8g-10.1_amd64.udeb 7003c933b093cb4be19294d96e1e81fc 2220612 libdevel optional libssl-dev_0.9.8g-10.1_amd64.deb 952d370d39d68d01f7d042b50729f92b 1612692 libdevel extra libssl0.9.8-dbg_0.9.8g-10.1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIPaPEHYflSXNkfP8RAi5TAJ4pcyvUA/ZIlJ8JnBAst8xiB1e5zACeNK4G aGjzEJILiURSGdXH3of3CC0= =RlEF -----END PGP SIGNATURE----- Accepted: libcrypto0.9.8-udeb_0.9.8g-10.1_amd64.udeb to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1_amd64.udeb libssl-dev_0.9.8g-10.1_amd64.deb to pool/main/o/openssl/libssl-dev_0.9.8g-10.1_amd64.deb libssl0.9.8-dbg_0.9.8g-10.1_amd64.deb to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1_amd64.deb libssl0.9.8_0.9.8g-10.1_amd64.deb to pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1_amd64.deb openssl_0.9.8g-10.1.diff.gz to pool/main/o/openssl/openssl_0.9.8g-10.1.diff.gz openssl_0.9.8g-10.1.dsc to pool/main/o/openssl/openssl_0.9.8g-10.1.dsc openssl_0.9.8g-10.1_amd64.deb to pool/main/o/openssl/openssl_0.9.8g-10.1_amd64.deb
