[ubuntu/trusty-proposed] openssl 1.0.1f-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Apr 7 21:16:04 UTC 2014 

openssl (1.0.1f-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

Date: Mon, 07 Apr 2014 15:37:53 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/openssl/1.0.1f-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Apr 2014 15:37:53 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1f-1ubuntu2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes: 
 openssl (1.0.1f-1ubuntu2) trusty; urgency=medium
 .
   * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
     - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
       crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
       util/libeay.num.
     - CVE-2014-0076
   * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
     - debian/patches/CVE-2014-0160.patch: use correct lengths in
       ssl/d1_both.c, ssl/t1_lib.c.
     - CVE-2014-0160
Checksums-Sha1: 
 97aa17ad20896ba5bd7908cd67459aea39ddb7bd 2358 openssl_1.0.1f-1ubuntu2.dsc
 1a1e5cb1eab18531d83f67519971d6e55e07e2bf 113320 openssl_1.0.1f-1ubuntu2.debian.tar.gz
Checksums-Sha256: 
 dff1a233e11da703dbea1a7de2b2e47a3d8d2d0accb287446f4fd5b0d16e9523 2358 openssl_1.0.1f-1ubuntu2.dsc
 502daed53e05ea381de8c41512820af67b7cd1c5fdcd5a3e4810bb0eb228c1c6 113320 openssl_1.0.1f-1ubuntu2.debian.tar.gz
Files: 
 48f7dec150b0a6678104ab369bb6ac10 2358 utils optional openssl_1.0.1f-1ubuntu2.dsc
 58a4d701ce71a8b10a31edf42dd95db0 113320 utils optional openssl_1.0.1f-1ubuntu2.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

More information about the Trusty-changes mailing list