This bug was fixed in the package openssl - 3.2.1-3ubuntu1
---------------
openssl (3.2.1-3ubuntu1) oracular; urgency=medium
* Merge 3.2.1-3 from Debian unstable (LP: #2067384)
- Remaining changes:
+ Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
openssl
+ Use perl:native in the autopkgtest for installability on i386.
+ Disable LTO with which the codebase is generally incompatible
(LP: #2058017)
+ Add fips-mode detection and adjust defaults when running in fips mode
- Dropped changes:
+ d/libssl3.postinst: Revert Debian deletion
- Skip services restart & reboot notification if needrestart is in-use.
- Bump version check to 1.1.1 (bug opened as LP: #1999139)
- Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- Import libraries/restart-without-asking template as used by above.
+ Add support for building with noudeb build profile which has been
integrated
+ Patches that forbade TLS < 1.2 @SECLEVEL=2 which is now upstream
behaviour:
- skip_tls1.1_seclevel3_tests.patch
- tests-use-seclevel-1.patch
- tls1.2-min-seclevel2.patch
+ Revert the provider removal from the default configuration as there's
no point in carrying the delta (will see if Debian drops the patch)
+ d/p/intel/*: was a backport from upstream changes
+ d/p/CVE-*: was a backport from upstream changes
openssl (3.2.1-3) unstable; urgency=medium
* Upload to unstable.
* Correct prvious security level in NEWS file (Closes: #1066116).
openssl (3.2.1-2) experimental; urgency=medium
* Disable brotli and enable zlib for certificate compression.
* Update to latest openssl-3.2 branch.
openssl (3.2.1-1.1~exp1) experimental; urgency=medium
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition.
openssl (3.2.1-1) experimental; urgency=medium
* Import 3.2.1
- CVE-2024-0727 (PKCS12 Decoding crashes). (Closes: #1061582).
- CVE-2023-6237 (Excessive time spent checking invalid RSA public keys)
(Closes: #1060858).
- CVE-2023-6129 (POLY1305 MAC implementation corrupts vector registers on
PowerPC) (Closes: #1060347).
openssl (3.2.0-2) experimental; urgency=medium
* Use generic target for riscv64.
* Update to latest openssl-3.2 branch.
openssl (3.2.0-1) experimental; urgency=medium
* Import 3.2.0
* Enable zstd, brotli and for certificate compression.
openssl (3.1.4-2) unstable; urgency=medium
* Invoke clean up from the openssl binary as a temporary workaround to avoid
a crash in libp11/SoftHSM engine (Closes: #1054546).
* CVE-2023-5678 (Excessive time spent in DH check / generation with large Q
parameter value) (Closes: #1055473).
* Upload to unstable.
openssl (3.1.4-1) experimental; urgency=medium
* Import 3.1.4
- CVE-2023-5363 (Incorrect cipher key and IV length processing).
openssl (3.1.3-1) experimental; urgency=medium
* Import 3.1.3
openssl (3.1.2-1) experimental; urgency=medium
* Import 3.1.2
- CVE-2023-2975 (AES-SIV implementation ignores empty associated data
entries) (Closes: #1041818).
- CVE-2023-3446 (Excessive time spent checking DH keys and parameters).
(Closes: #1041817).
- CVE-2023-3817 (Excessive time spent checking DH q parameter value).
- Drop bc and m4 from B-D.
openssl (3.1.1-1) experimental; urgency=medium
* Import 3.1.1
- CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
Constraints) (Closes: #1034720).
- CVE-2023-0465 (Invalid certificate policies in leaf certificates are
silently ignored).
- CVE-2023-0466 (Certificate policy check not enabled).
- Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
- CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
- CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit
ARM).
- Add new symbol.
openssl (3.1.0-1) experimental; urgency=medium
* Import 3.1.0
* Add new symbols.
-- Adrien Nader <[email protected]> Tue, 28 May 2024 14:30:44
+0200
** Changed in: openssl (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-4304
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0464
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0465
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0466
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1255
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2650
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2975
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3446
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-3817
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-5363
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-5678
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6129
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6237
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-0727
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067384
Title:
openssl: merge 3.2.1-3 from unstable
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2067384/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
