[ubuntu/hirsute-proposed] openssl 1.1.1f-1ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Dec 8 17:54:15 UTC 2020


openssl (1.1.1f-1ubuntu5) hirsute; urgency=medium

  * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
    - debian/patches/CVE-2020-1971-1.patch: use explicit tagging for
      DirectoryString in crypto/x509v3/v3_genn.c.
    - debian/patches/CVE-2020-1971-2.patch: correctly compare EdiPartyName
      in crypto/x509v3/v3_genn.c.
    - debian/patches/CVE-2020-1971-3.patch: check that multi-strings/CHOICE
      types don't use implicit tagging in crypto/asn1/asn1_err.c,
      crypto/asn1/tasn_dec.c, crypto/err/openssl.txt,
      include/openssl/asn1err.h.
    - debian/patches/CVE-2020-1971-4.patch: complain if we are attempting
      to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c,
      crypto/asn1/tasn_enc.c, crypto/err/openssl.txt,
      include/openssl/asn1err.h.
    - debian/patches/CVE-2020-1971-5.patch: add a test for GENERAL_NAME_cmp
      in test/v3nametest.c.
    - debian/patches/CVE-2020-1971-6.patch: add a test for
      encoding/decoding using an invalid ASN.1 Template in
      test/asn1_decode_test.c, test/asn1_encode_test.c.
    - CVE-2020-1971

Date: Tue, 08 Dec 2020 12:33:52 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu5
Format: 1.8
Source: openssl
Architecture: source
Version: 1.1.1f-1ubuntu5
Distribution: hirsute
Urgency: medium
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>