[ubuntu/disco-proposed] openssl1.0 1.0.2n-1ubuntu7 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Dec 4 19:56:13 UTC 2018 

openssl1.0 (1.0.2n-1ubuntu7) disco; urgency=medium

  * SECURITY UPDATE: PortSmash side channel attack
    - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
      crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
    - CVE-2018-5407
  * SECURITY UPDATE: timing side channel attack in DSA
    - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
      crypto/dsa/dsa_ossl.c.
    - CVE-2018-0734

Date: Tue, 04 Dec 2018 10:55:32 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu7
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Dec 2018 10:55:32 -0500
Source: openssl1.0
Binary: libssl1.0.0 libssl1.0-dev libcrypto1.0.0-udeb libssl1.0.0-udeb openssl1.0
Architecture: source
Version: 1.0.2n-1ubuntu7
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl1.0 - Secure Sockets Layer toolkit 1.0 - cryptographic utility
Changes:
 openssl1.0 (1.0.2n-1ubuntu7) disco; urgency=medium
 .
   * SECURITY UPDATE: PortSmash side channel attack
     - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
       crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
     - CVE-2018-5407
   * SECURITY UPDATE: timing side channel attack in DSA
     - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
       crypto/dsa/dsa_ossl.c.
     - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
       crypto/dsa/dsa_ossl.c.
     - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
       crypto/dsa/dsa_ossl.c.
     - CVE-2018-0734
Checksums-Sha1:
 76ffbbdd3660c6afca31d8c819b493737ae6b3a6 2705 openssl1.0_1.0.2n-1ubuntu7.dsc
 a3e821059c0022d2b31463fa5a34b14f542637d2 109408 openssl1.0_1.0.2n-1ubuntu7.debian.tar.xz
 8348b13b9d8ab32c9a4c96abe16882fa49ba149c 5575 openssl1.0_1.0.2n-1ubuntu7_source.buildinfo
Checksums-Sha256:
 c5eba6829228c1e69adf17247d8e3e7f4c24032927e0d1ef8a23b69381475c5b 2705 openssl1.0_1.0.2n-1ubuntu7.dsc
 759b468c273eebe2981b5faf5b965a3c4014c5388394b0eec31acabab137c59e 109408 openssl1.0_1.0.2n-1ubuntu7.debian.tar.xz
 9e1235595c2d09b66aac44455e7e01a42d0a9ebef02c43187ee5be70ee38e620 5575 openssl1.0_1.0.2n-1ubuntu7_source.buildinfo
Files:
 cebf827b4451898713a2be6f0e82e055 2705 utils optional openssl1.0_1.0.2n-1ubuntu7.dsc
 287f7afdc44f474d4825950cd0005081 109408 utils optional openssl1.0_1.0.2n-1ubuntu7.debian.tar.xz
 c2d28d251f1ea86348f0964b66f619ff 5575 utils optional openssl1.0_1.0.2n-1ubuntu7_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlwG25gACgkQZWnYVadE
vpMQ2A//eoSzACPraeTuZLshQx4WWqZvoxxF99wRUIaGiA1VaBEvMcQ9uXA3HNUp
ophXbSdg+n/HTeYDxfcnS9YU+x9q5FQCDVr4tXHIaWELcCcELC10dj2J71sMCS4K
xLVDbW9Ervn6zpjVLu5Z+AaSLg+mKvsKOs0Cif/EXUvQDFedbGzOk0GwdGW3IvP8
kM50uR6wu07gWg5LOBx0Az7h1UhE9+HGgHmuuwYwy4z1QnnNLUMQ0cSk2OCW3EAZ
AFTn4NdoaC6/ABCCOzrVBEeSwdYI97uKOlde+6EMotimMb7vf1gllUBwyOp1pJjJ
W/iTPUxA7+dt8eZzEDvlMlRKexjRDsJ8/nK1WN5m46wkpNtVgA+VFghsbFccF2jj
4Blyis10JXGYSQl0Wf4llk0QmFsOzfh8/f5o+CP3fA1w9i1liAUrn52yK5hhiiQq
nDpYxF9y500gT6f2MZyoLfVXZeAYOIOQiRZuMBn4H+6n9OS3fT/JbQ5yqoNcf7ta
6XOKt7G4VlVzHcLalacWn/vVBBkiFX/fv/7G7tr+TOM1fLXb/Baw/sAU+ICrruwL
MUTD+na36vuRSSBZxhX5EbaVxlYRluiM4DVtCVZS9cgs6Uuy/KUTnGktReHW4URU
gTtmZNrSqHZV0dKhSJuQsanm1jx5pDIP+3rYlDjFEE3EHzpyZFQ=
=Ioej
-----END PGP SIGNATURE-----

More information about the Disco-changes mailing list