[ubuntu/focal-security] openssl 1.1.1f-1ubuntu2.12 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Mar 15 16:38:31 UTC 2022
openssl (1.1.1f-1ubuntu2.12) focal-security; urgency=medium
* SECURITY UPDATE: Infinite loop in BN_mod_sqrt()
- debian/patches/CVE-2022-0778-1.patch: fix infinite loop in
crypto/bn/bn_sqrt.c.
- debian/patches/CVE-2022-0778-2.patch: add documentation of
BN_mod_sqrt() in doc/man3/BN_add.pod.
- debian/patches/CVE-2022-0778-3.patch: add a negative testcase for
BN_mod_sqrt in test/bntest.c, test/recipes/10-test_bn_data/bnmod.txt.
- CVE-2022-0778
openssl (1.1.1f-1ubuntu2.11) focal; urgency=medium
* Fixup pointer authentication for armv8 systems that support it when
using the poly1305 MAC, preventing segmentation faults. (LP: #1960863)
- d/p/lp-1960863-crypto-poly1305-asm-fix-armv8-pointer-authenticat.patch
openssl (1.1.1f-1ubuntu2.10) focal; urgency=medium
* Cherry-pick upstream fixes to prevent double engine loading (LP: #1951943)
openssl (1.1.1f-1ubuntu2.9) focal; urgency=medium
* Cherry-pick stable patches to fix potential use-after-free. LP:
#1940656
Date: 2022-03-09 14:32:10.451192+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.12
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list