[ubuntu/mantic-proposed] openssl 3.0.9-1ubuntu1 (Accepted)
Gianfranco Costamagna
locutusofborg at debian.org
Mon Jun 12 09:24:14 UTC 2023
openssl (3.0.9-1ubuntu1) mantic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Remaining changes:
      + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
        openssl
      + d/libssl3.postinst: Revert Debian deletion
        - Skip services restart & reboot notification if needrestart is in-use.
        - Bump version check to 1.1.1 (bug opened as LP: #1999139)
        - Use a different priority for libssl1.1/restart-services depending
          on whether a desktop, or server dist-upgrade is being performed.
        - Import libraries/restart-without-asking template as used by above.
      + Add support for building with noudeb build profile.
      + Use perl:native in the autopkgtest for installability on i386.

openssl (3.0.9-1) unstable; urgency=medium

  * Import 3.0.7
    - CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
      Constraints) (Closes: #1034720).
    - CVE-2023-0465 (Invalid certificate policies in leaf certificates are
      silently ignored).
    - CVE-2023-0466 (Certificate policy check not enabled).
    - Alternative fix for CVE-2022-4304 (Timing Oracle in RSA Decryption).
    - CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).
    - CVE-2023-1255 (Input buffer over-read in AES-XTS implementation on 64 bit ARM).
    - Add new symbol.

openssl (3.0.8-1ubuntu3) mantic; urgency=medium

  * SECURITY UPDATE: DoS in AES-XTS cipher decryption
    - debian/patches/CVE-2023-1255.patch: avoid buffer overread in
      crypto/aes/asm/aesv8-armx.pl.
    - CVE-2023-1255
  * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
    - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
      IDENTIFIERs that OBJ_obj2txt will translate in
      crypto/objects/obj_dat.c.
    - CVE-2023-2650
  * Replace CVE-2022-4304 fix with improved version
    - debian/patches/revert-CVE-2022-4304.patch: remove previous fix.
    - debian/patches/CVE-2022-4304.patch: use alternative fix in
      crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
      crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.

openssl (3.0.8-1ubuntu2) mantic; urgency=medium

  * Manual reupload from lunar-security to mantic-proposed pocket, due to
    LP failing to copy it

openssl (3.0.8-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs.
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466
Date: Mon, 12 Jun 2023 11:19:44 +0200
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.9-1ubuntu1
Format: 1.8
Date: Mon, 12 Jun 2023 11:19:44 +0200
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.9-1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Closes: 1034720
Launchpad-Bugs-Fixed: 1999139
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>