-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 13 Dec 2017 23:09:47 +0100 Source: openssl1.0 Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb Architecture: source Version: 1.0.2l-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries libssl1.0.2-udeb - ssl shared library - udeb (udeb) Changes: openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high . * CVE-2017-3737 (Read/write after SSL object in error state) * Add a testcase for CVE-2017-3737 * CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) Checksums-Sha1: 3aac97397f767cb579d6750904b1dbde72c243b0 2301 openssl1.0_1.0.2l-2+deb9u2.dsc b58d5d0e9cea20e571d903aafa853e2ccd914138 5365054 openssl1.0_1.0.2l.orig.tar.gz 2dcc4e8265c1728ddd528faad774e632a77ea67e 80440 openssl1.0_1.0.2l-2+deb9u2.debian.tar.xz 8df82d1e7ab55b70b8b61a344d1c0901470db99b 5519 openssl1.0_1.0.2l-2+deb9u2_source.buildinfo Checksums-Sha256: 8e2a5b1fd3d8ea79725be9c82a302655a60b99194b28fc212bc8d01ee8995ce1 2301 openssl1.0_1.0.2l-2+deb9u2.dsc ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c 5365054 openssl1.0_1.0.2l.orig.tar.gz e9a3860447e58bfc770d5832a5e5a50d25a6bcaff3f3838a056887e3a612be77 80440 openssl1.0_1.0.2l-2+deb9u2.debian.tar.xz 8c5a7693e0f0f5354df6648a0943510ca06be8ddd6bc515fbcc33ad5be2c254d 5519 openssl1.0_1.0.2l-2+deb9u2_source.buildinfo Files: cb88e8469f645367740acfc7b2f726cc 2301 utils optional openssl1.0_1.0.2l-2+deb9u2.dsc f85123cd390e864dfbe517e7616e6566 5365054 utils optional openssl1.0_1.0.2l.orig.tar.gz 3dfff711a8cecedff5f890bd49d67992 80440 utils optional openssl1.0_1.0.2l-2+deb9u2.debian.tar.xz dfe8515115b97c8bfb88cb1c3d498157 5519 utils optional openssl1.0_1.0.2l-2+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErHvQgQWZUb1RregAT+XjJihy5MwFAlo0GPEACgkQT+XjJihy 5My/7A/+NzjBr78J0pV4Bu1/x76Dz2o8SA8qpKBjqHmhoVvmsSVALOdb6ZQcltPP CmAIjSmGzf1jimp/c0ayKWJNAr72OcSm9Sp+eX85eAAQUaD56BCMMUDySh2Tw8jC guJOIek6VyJJ612lEJSfb82iZCFF70GEeeY4A34QgaQzspDAOVGjzNESWeUpwPA/ 6uUrCtmd+1mKBRfZTQTZWe1Ygpq9hqeIhhMLqL8uzFE1HM/rLQGi6Hs1rkbIjesm pmHWRsdba9O/LdLUpmLhnUPgh4BZEBM7r4Btag1G4VOYP7GPaZBi1NCuelBCvK/S NBcTsKLnAsL0ucU/wa6LpDb4ZBiiPA1at+2rOeonFgJhF/JHd8qxKlF+vB6LsO2A O/EaHQoi11w7O+SfL9DAkeM67+jOJIY+V/2hbEqC3h7FQdX30Gm6KIY8EMhCiPPA Yc4hJ6nwPp+B3tGL4aqQjb4KyTftmQwoqUI7tLkshrx/XRWZuO8Uhis3CF9kQU9f vz48J+4esWuC2nPwdc1jmHFNuZFediIVs7312+6dEbdlkBYXrTrWkMynZFgBBHnz n3sVhdegqB/GdMnYTtNWwAu/wWXFPEayhfy7yhiIH1aqn7weuvMkJOt15q2cCGXP WefPvBMcY2eccisZe8Sptqwm6mEjYwu8jhMkwa52jM2HNuTRkr8= =RH7Y -----END PGP SIGNATURE-----