[ubuntu/hirsute-proposed] openssl 1.1.1j-1ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Mar 25 16:28:13 UTC 2021
openssl (1.1.1j-1ubuntu3) hirsute; urgency=medium

  * SECURITY UPDATE: NULL pointer deref in signature_algorithms processing
    - debian/patches/CVE-2021-3449-1.patch: fix NULL pointer dereference in
      ssl/statem/extensions.c.
    - debian/patches/CVE-2021-3449-2.patch: teach TLSProxy how to encrypt
      <= TLSv1.2 ETM records in util/perl/TLSProxy/Message.pm.
    - debian/patches/CVE-2021-3449-3.patch: add a test to
      test/recipes/70-test_renegotiation.t.
    - debian/patches/CVE-2021-3449-4.patch: ensure buffer/length pairs are
      always in sync in ssl/s3_lib.c, ssl/ssl_lib.c,
      ssl/statem/extensions.c, ssl/statem/extensions_clnt.c,
      ssl/statem/statem_clnt.c, ssl/statem/statem_srvr.c.
    - CVE-2021-3449
  * SECURITY UPDATE: CA cert check bypass with X509_V_FLAG_X509_STRICT
    - debian/patches/CVE-2021-3450-1.patch: do not override error return
      value by check_curve in crypto/x509/x509_vfy.c,
      test/verify_extra_test.c.
    - debian/patches/CVE-2021-3450-2.patch: fix return code check in
      crypto/x509/x509_vfy.c.
    - CVE-2021-3450

Date: Thu, 25 Mar 2021 11:44:30 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1j-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Thu, 25 Mar 2021 11:44:30 -0400
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 1.1.1j-1ubuntu3
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>