Debian Package Tracker

general

source: openssl (main)
version: 1.1.1-2
maintainer: Debian OpenSSL Team (archive) [DMD]
uploaders: Sebastian Andrzej Siewior [DMD] – Christoph Martin [DMD] – Kurt Roeckx [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.1e-2+deb7u20
o-o-sec: 1.0.1t-1+deb7u4
oldstable: 1.0.1t-1+deb8u8
old-sec: 1.0.1t-1+deb8u9
old-bpo: 1.0.2l-1~bpo8+1
stable: 1.1.0f-3+deb9u2
stable-sec: 1.1.0f-3+deb9u2
testing: 1.1.1-2
unstable: 1.1.1-2

versioned links

1.0.1e-2+deb7u20: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1t-1+deb7u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1t-1+deb8u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1t-1+deb8u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.2l-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.0f-3+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcrypto1.1-udeb
libssl-dev
libssl-doc
libssl1.1
libssl1.1-udeb
openssl

action needed

5 security issues in stretch high

There are 5 open security issues in stretch.

1 important issue:

CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

4 issues skipped by the security teams:

CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1).
CVE-2018-0737: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p).

Please fix them.

Created: 2018-04-16 Last update: 2018-11-17 08:36

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1).
CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p).

Please fix them.

Created: 2018-10-29 Last update: 2018-11-17 08:36

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1).
CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1). Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q-dev (Affected 1.0.2-1.0.2p).

Please fix them.

Created: 2018-10-29 Last update: 2018-11-17 08:36

2 security issues in jessie high

There are 2 open security issues in jessie.

2 important issues:

CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j-dev (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a-dev (Affected 1.1.1).

Please fix them.

Created: 2018-10-29 Last update: 2018-11-17 08:36

lintian reports 2 errors and 3 warnings high

Lintian reports 2 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-11 Last update: 2018-10-30 06:39

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2018-11-18 03:34

1 new commit since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.1.1-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 32c5e134acdf0ca4558b02b996ad294204c3e7c8
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Wed Nov 7 20:33:49 2018 +0100

    Add Breaks on python-boto
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Created: 2018-11-08 Last update: 2018-11-17 12:18

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #332498 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:26

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2017-10-26 Last update: 2018-08-22 07:28

news

[rss feed]

[2018-10-31] openssl 1.1.1-2 MIGRATED to testing (Debian testing watch)
[2018-10-29] Accepted openssl 1.1.1-2 (source) into unstable (Sebastian Andrzej Siewior)
[2018-10-28] openssl 1.1.1-1 MIGRATED to testing (Debian testing watch)
[2018-09-12] Accepted openssl 1.1.1-1 (source) into unstable (Sebastian Andrzej Siewior)
[2018-08-21] Accepted openssl 1.1.1~~pre9-1 (source) into unstable (Kurt Roeckx)
[2018-07-28] Accepted openssl 1.0.1t-1+deb8u9 (source all amd64) into oldstable (Markus Koschany)
[2018-07-04] Accepted openssl 1.1.1~~pre8-1 (source) into experimental (Sebastian Andrzej Siewior)
[2018-05-30] Accepted openssl 1.1.1~~pre7-1 (source) into experimental (Sebastian Andrzej Siewior)
[2018-05-25] openssl 1.1.0h-4 MIGRATED to testing (Debian testing watch)
[2018-05-23] Accepted openssl 1.1.0h-4 (source) into unstable (Sebastian Andrzej Siewior)
[2018-05-23] openssl 1.1.0h-3 MIGRATED to testing (Debian testing watch)
[2018-05-18] Accepted openssl 1.1.0h-3 (source) into unstable (Sebastian Andrzej Siewior)
[2018-05-01] Accepted openssl 1.1.1~~pre6-2 (source) into experimental (Kurt Roeckx)
[2018-05-01] Accepted openssl 1.1.1~~pre6-1 (source) into experimental (Kurt Roeckx)
[2018-04-03] Accepted openssl 1.1.1~~pre4-1 (source) into experimental (Sebastian Andrzej Siewior)
[2018-03-30] Accepted openssl 1.0.1t-1+deb8u8 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Sebastian Andrzej Siewior)
[2018-03-30] Accepted openssl 1.1.0f-3+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Andrzej Siewior)
[2018-03-30] Accepted openssl 1.0.1t-1+deb7u4 (source all amd64) into oldoldstable (Antoine Beaupré)
[2018-03-30] Accepted openssl 1.0.1t-1+deb7u4 (source all amd64) into oldoldstable (Antoine Beaupré)
[2018-03-30] openssl 1.1.0h-2 MIGRATED to testing (Debian testing watch)
[2018-03-30] openssl 1.1.0h-2 MIGRATED to testing (Debian testing watch)
[2018-03-29] Accepted openssl 1.1.0f-3+deb9u2 (source) into stable->embargoed, stable (Sebastian Andrzej Siewior)
[2018-03-29] Accepted openssl 1.0.1t-1+deb8u8 (source all) into oldstable->embargoed, oldstable (Sebastian Andrzej Siewior)
[2018-03-28] Accepted openssl 1.1.0h-2 (source) into unstable (Sebastian Andrzej Siewior)
[2018-03-27] Accepted openssl 1.1.0h-1 (source) into unstable (Sebastian Andrzej Siewior)
[2018-03-20] Accepted openssl 1.1.1~~pre3-1 (source) into experimental (Sebastian Andrzej Siewior)
[2018-02-27] Accepted openssl 1.1.1~~pre2-1 (source) into experimental (Sebastian Andrzej Siewior)
[2018-02-25] Accepted openssl 1.1.1~~pre1-1 (source) into experimental (Sebastian Andrzej Siewior)
[2017-11-18] Accepted openssl 1.0.1t-1+deb8u7 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Kurt Roeckx)
[2017-11-12] Accepted openssl 1.1.0f-3+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Kurt Roeckx)

bugs [bug history graph]

all: 79
RC: 2
I&N: 48
M&W: 29
F&P: 0
patch: 1

links

homepage
lintian (2, 3)
buildd: logs, checks, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.1.1-1ubuntu2
111 bugs (6 patches)
patches for 1.1.1-1ubuntu2