-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 15 Oct 2014 19:06:38 +0200 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: source all amd64 Version: 1.0.1j-1 Distribution: unstable Urgency: high Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Kurt Roeckx <kurt@roeckx.be> Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1j-1) unstable; urgency=high . * New upstream release - Fixes CVE-2014-3513 - Fixes CVE-2014-3567 - Add Fallback SCSV support to mitigate CVE-2014-3566 - Fixes CVE-2014-3568 * Disables SSLv3 because of CVE-2014-3566 * Update dgst_hmac.patch to apply to new upstream version * Drop rehash_pod.patch, applied upstream * Fix openssl_fix_for_x32.patch to apply to new upstream version Checksums-Sha1: 0f2d8a86ae7242fd6e9bdcbbbbf8fed6972cb20b 2227 openssl_1.0.1j-1.dsc cff86857507624f0ad42d922bb6f77c4f1c2b819 4432964 openssl_1.0.1j.orig.tar.gz 48abefd3d2e359696b241f4d2d2ff4d806438fa8 87356 openssl_1.0.1j-1.debian.tar.xz fb029268ecbbec3650ee30931cf7940ff3ea6842 1135740 libssl-doc_1.0.1j-1_all.deb feed2f194e6466ecd792278980a3cd9ef0a8b171 674306 openssl_1.0.1j-1_amd64.deb 997ca36cddf63aa025dfd5fadeb401f6908e0dda 1031724 libssl1.0.0_1.0.1j-1_amd64.deb 28a47daeb65f7a3104e423827db1908c57a801cb 639596 libcrypto1.0.0-udeb_1.0.1j-1_amd64.udeb 22a8ce927356d01313438bf9b99f16d374322a40 1267078 libssl-dev_1.0.1j-1_amd64.deb ca19bf9dedbaaaa787c1cb280c0bc3dd279af373 2792824 libssl1.0.0-dbg_1.0.1j-1_amd64.deb Checksums-Sha256: abc6b7959cc3193ed517dcf6c1744dd2d68f4ad4d7634a75ef4fad12c530000c 2227 openssl_1.0.1j-1.dsc 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 4432964 openssl_1.0.1j.orig.tar.gz 9c2d001144dc2ea301d0deed6b41c8f893d17774c31de3c5ba7ba9272a7318ff 87356 openssl_1.0.1j-1.debian.tar.xz 4fa487d48f8c65247dff08b766d9c39e7fe43dc918043625525bc617b6d66b2e 1135740 libssl-doc_1.0.1j-1_all.deb cd26d7e11e5bed52945de32978e6b51978a0f1184d2474b9eaee4476092fed44 674306 openssl_1.0.1j-1_amd64.deb 9ddf468bd75409af1cf10539f7e1fd1a605362f18cff9a244cedd5ef0c140015 1031724 libssl1.0.0_1.0.1j-1_amd64.deb 3cb461680979419908718cc5fb6b9c9e06999d00b6f33f8702a618d12f2c5e9b 639596 libcrypto1.0.0-udeb_1.0.1j-1_amd64.udeb 628bc75578005007c7ef85198562b2bfed96d53be5e2d82f51e0f31a46a67743 1267078 libssl-dev_1.0.1j-1_amd64.deb 34c3fb669aa5c82f8a78b43a92e00b832cfe8a86adbaf5d10e9d97285722dc83 2792824 libssl1.0.0-dbg_1.0.1j-1_amd64.deb Files: 62b74e76cf330688583b97c3508ce69b 2227 utils optional openssl_1.0.1j-1.dsc f7175c9cd3c39bb1907ac8bba9df8ed3 4432964 utils optional openssl_1.0.1j.orig.tar.gz b9c10d35197b07e2d42ed06fbc438a96 87356 utils optional openssl_1.0.1j-1.debian.tar.xz e83eb7bf157431f2e94f994f2916f5be 1135740 doc optional libssl-doc_1.0.1j-1_all.deb 31af9466ff528ae664b0cf80289d90c5 674306 utils optional openssl_1.0.1j-1_amd64.deb 2d988fd5d8884b7b729feed32a36ebe5 1031724 libs important libssl1.0.0_1.0.1j-1_amd64.deb 75e61860ce78d24a4fc69a4f10c9aeb7 639596 debian-installer optional libcrypto1.0.0-udeb_1.0.1j-1_amd64.udeb 570f4652ac098ecd738179a00d63892a 1267078 libdevel optional libssl-dev_1.0.1j-1_amd64.deb e4ef2d67d1e07b1ec6a008a87d58a536 2792824 debug extra libssl1.0.0-dbg_1.0.1j-1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUPrSuAAoJEKGfLDAaVSLdm5YP/2Mmiu2Ui5SPLg38UiIq9YUy jWCbaylZU2l4IML8FnrXmKAquKg4rgefM/C7Y5Q4akRGlvtJBBjaodpzjPKNGUvF YrE0Q6DFXNY3unYZOl5tNbeatlywq9xihADMQb6wWqmBHCk+X5iu9KjeUrFX1WCy g7hJobbH0mVCZaYlSPEX9AWZvYn11Ld/hg3X8lzXThZ1jffKLwf5lPO9A1hYu9mq ke1sYBIefL0T1G7Xu/u1QImHQ06aApNvxASZDCccmFBsyIpJwc++0zshc2FVtafj zDM0uu3f+JfQm30GByo0UjJmI6VP8j6H3E29By2V5wNF2lx+ebnAdgyQ5pybrErV 3dBNQcloD30piRmBEEIQ2asnVFfSaR9kYWRmdQfDqBKnWc9dNEZ1ISkz2+LzYbK4 0h4v/seAsSMCWMYQiACF3shUXTJYu+caew0C24oNp8/2v7OVH53CsE0lz+W54Db0 QEwh6wmZoN7bsWIGRXB8i0LIYHsQWRtMWpS1AGv3Xly5FUhuN+BgqME2YjmRtSiN BHI0jS+Di+0u9mkDnWfZTGDpH++PHUIkREWnixBQdF2iopZ0awAwgp3cJh/8BKtX CpwxiyF3LE4T0o4IOOjSaE6sEj0508g3STkRk3NOA5w8wGnIztbC2Z+4xC2wm7/5 E34KqGq63SybAa7KMq6/ =Tk0A -----END PGP SIGNATURE-----