Debian Package Tracker

general

source: openssl (source, libs)
version: 1.1.0f-5
maintainer: Debian OpenSSL Team (archive) [DMD]
uploaders: Sebastian Andrzej Siewior [DMD] – Christoph Martin [DMD] – Kurt Roeckx [DMD]
arch: all any
std-ver: 3.9.8
VCS: Subversion (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.1e-2+deb7u20
o-o-sec: 1.0.1t-1+deb7u2
oldstable: 1.0.1t-1+deb8u6
old-sec: 1.0.1t-1+deb8u6
old-bpo: 1.0.2l-1~bpo8+1
stable: 1.1.0f-3
testing: 1.1.0f-5
unstable: 1.1.0f-5

versioned links

1.0.1e-2+deb7u20: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1t-1+deb7u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1t-1+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.2l-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.0e-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.0f-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.0f-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcrypto1.1-udeb
libssl-dev
libssl-doc
libssl1.1
libssl1.1-udeb
openssl

action needed

1 security issue in sid

high

There is 1 open security issue in sid.

1 important issue:

CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

Please fix it.

Created: 2017-08-29 Last update: 2017-09-13 07:30

1 security issue in buster

high

There is 1 open security issue in buster.

1 important issue:

CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

Please fix it.

Created: 2017-08-29 Last update: 2017-09-13 07:30

lintian reports 2 errors and 18 warnings

high

Lintian reports 2 errors and 18 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2017-05-05 Last update: 2017-08-26 01:17

Standards version of the package is outdated.

high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.0 instead of 3.9.8).

Created: 2017-07-05 Last update: 2017-08-25 07:10

Fails to build during reproducibility testing

normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2017-09-04 Last update: 2017-09-22 13:31

RFH

normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #332498 for more information.

Created: 2015-07-05 Last update: 2015-07-05 19:05

1 ignored security issue in wheezy

low

There is 1 open security issue in wheezy.

1 issue skipped by the security teams:

CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

Please fix it.

Created: 2017-08-29 Last update: 2017-09-13 07:30

1 ignored security issue in jessie

low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

Please fix it.

Created: 2017-08-29 Last update: 2017-09-13 07:30

1 ignored security issue in stretch

low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.

Please fix it.

Created: 2017-08-29 Last update: 2017-09-13 07:30

news

[rss feed]

[2017-09-04] openssl 1.1.0f-5 MIGRATED to testing (Debian testing watch)
[2017-08-24] Accepted openssl 1.1.0f-5 (source) into unstable (Kurt Roeckx)
[2017-08-12] openssl 1.1.0f-4 MIGRATED to testing (Debian testing watch)
[2017-08-06] Accepted openssl 1.1.0f-4 (source) into unstable (Kurt Roeckx)
[2017-07-04] Accepted openssl 1.0.2l-1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Sebastian Andrzej Siewior)
[2017-06-07] openssl 1.1.0f-3 MIGRATED to testing (Debian testing watch)
[2017-06-05] Accepted openssl 1.1.0f-3 (source) into unstable (Kurt Roeckx)
[2017-06-04] Accepted openssl 1.1.0f-2 (source) into unstable (Kurt Roeckx)
[2017-05-25] Accepted openssl 1.1.0f-1 (source) into unstable (Kurt Roeckx)
[2017-05-21] openssl 1.1.0e-2 MIGRATED to testing (Debian testing watch)
[2017-05-02] Accepted openssl 1.1.0e-2 (source) into unstable (Sebastian Andrzej Siewior)
[2017-02-20] openssl 1.1.0e-1 MIGRATED to testing (Debian testing watch)
[2017-02-16] Accepted openssl 1.1.0e-1 (source) into unstable (Kurt Roeckx)
[2017-02-14] openssl 1.1.0d-2 MIGRATED to testing (Debian testing watch)
[2017-02-01] Accepted openssl 1.0.1t-1+deb7u2 (source all amd64) into oldstable (Emilio Pozuelo Monfort)
[2017-01-30] Accepted openssl 1.1.0d-2 (source) into unstable (Sebastian Andrzej Siewior)
[2017-01-28] Accepted openssl 1.0.1t-1+deb8u6 (source all amd64) into proposed-updates->stable-new, proposed-updates (Kurt Roeckx)
[2017-01-27] Accepted openssl 1.0.2k-1~bpo8+1 (source all) into jessie-backports (Sebastian Andrzej Siewior)
[2017-01-26] Accepted openssl 1.1.0d-1 (source) into unstable (Sebastian Andrzej Siewior)
[2017-01-20] Accepted openssl 1.1.0c-4 (source) into unstable (Sebastian Andrzej Siewior)
[2017-01-20] Accepted openssl 1.1.0c-3 (source) into unstable (Sebastian Andrzej Siewior)
[2016-11-28] openssl 1.1.0c-2 MIGRATED to testing (Debian testing watch)
[2016-11-21] Accepted openssl 1.1.0c-2 (source) into unstable (Kurt Roeckx)
[2016-11-10] Accepted openssl 1.1.0c-1 (source) into unstable (Kurt Roeckx)
[2016-11-01] Accepted openssl 1.1.0b-2 (source) into unstable (Kurt Roeckx)
[2016-09-30] openssl 1.0.2j-1 MIGRATED to testing (Debian testing watch)
[2016-09-26] Accepted openssl 1.0.2j-1~bpo8+1 (source all amd64) into jessie-backports (Kurt Roeckx)
[2016-09-26] Accepted openssl 1.1.0b-1 (source) into experimental (Kurt Roeckx)
[2016-09-26] Accepted openssl 1.0.2j-1 (source) into unstable (Kurt Roeckx)
[2016-09-25] Accepted openssl 1.0.1t-1+deb7u1 (source all amd64) into oldstable (Kurt Roeckx)

bugs [bug history graph]

all: 79
RC: 1
I&N: 46
M&W: 32
F&P: 0

links

homepage
lintian (2, 18)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0.2g-1ubuntu13
98 bugs (7 patches)
patches for 1.0.2g-1ubuntu13