-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Mar 2019 16:25:39 +0100
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1t-1+deb8u11
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.1t-1+deb8u11) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-1559:
     Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding
     oracle attack in OpenSSL.
     If an application encounters a fatal protocol error and then calls
     SSL_shutdown() twice (once to send a close_notify, and once to receive one)
     then OpenSSL can respond differently to the calling application if a 0 byte
     record is received with invalid padding compared to if a 0 byte record is
     received with an invalid MAC. If the application then behaves differently
     based on that in a way that is detectable to the remote peer, then this
     amounts to a padding oracle that could be used to decrypt data.
 .
     In order for this to be exploitable "non-stitched" ciphersuites must be in
     use. Stitched ciphersuites are optimised implementations of certain
     commonly used ciphersuites. Also the application must call SSL_shutdown()
     twice even if a protocol error has occurred (applications should not do
     this but some do anyway). AEAD ciphersuites are not impacted.
Checksums-Sha1:
Checksums-Sha256:
Files:
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
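
The distinction the changelog describes (a 0-byte record failing on padding versus failing on MAC) can be seen in a simplified model of MAC-then-encrypt record checking after CBC decryption. This is an added example, not OpenSSL's code or part of the upload; the HMAC-SHA256 MAC, key, header layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 tag length (assumed MAC for this model)

def record_mac(key, seq, rtype, content):
    # MAC covers sequence number, type, version and length, then the content.
    header = struct.pack(">QBHH", seq, rtype, 0x0303, len(content))
    return hmac.new(key, header + content, hashlib.sha256).digest()

def build_plaintext(key, seq, rtype, content, block=16):
    # content || MAC || padding; every padding byte equals the padding length.
    body = content + record_mac(key, seq, rtype, content)
    pad_len = (block - (len(body) + 1) % block) % block
    return body + bytes([pad_len]) * (pad_len + 1)

def split_padding(pt):
    # Returns (unpadded, ok). On bad padding only the length byte is dropped,
    # i.e. the padding is treated as zero-length (RFC 5246, section 6.2.3.2).
    if len(pt) < MAC_LEN + 1:
        raise ValueError("record too short")  # length is public, no oracle
    pad_len = pt[-1]
    ok = (pad_len + 1 + MAC_LEN <= len(pt)
          and pt[-1 - pad_len:-1] == bytes([pad_len]) * pad_len)
    return (pt[:-1 - pad_len], True) if ok else (pt[:-1], False)

def open_leaky(key, seq, rtype, pt):
    # Weak form: two distinguishable failures, and no MAC work on bad padding.
    body, pad_ok = split_padding(pt)
    if not pad_ok:
        return "bad_padding"
    content, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    ok = hmac.compare_digest(tag, record_mac(key, seq, rtype, content))
    return "ok" if ok else "bad_mac"

def open_uniform(key, seq, rtype, pt):
    # Hardened form: always compute the MAC, report one failure for both cases.
    body, pad_ok = split_padding(pt)
    content, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(tag, record_mac(key, seq, rtype, content))
    return "ok" if (pad_ok and mac_ok) else "bad_record_mac"

# Constructed sample: a 0-byte application-data record and two tampered copies.
KEY = b"constructed-demo-key"
GOOD = build_plaintext(KEY, 0, 23, b"")
BAD_PAD = GOOD[:-2] + bytes([GOOD[-2] ^ 1]) + GOOD[-1:]
BAD_MAC = bytes([GOOD[0] ^ 1]) + GOOD[1:]
```

The model shows only the outcome a caller can observe; Python gives no constant-time guarantee, so the padding comparison here is not a timing-safe implementation.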
