[ubuntu/mantic-proposed] openssl 3.0.8-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed May 31 23:19:21 UTC 2023 

openssl (3.0.8-1ubuntu3) mantic; urgency=medium

  * SECURITY UPDATE: DoS in AES-XTS cipher decryption
    - debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
      crypto/aes/asm/aesv8-armx.pl.
    - CVE-2023-1255
  * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
    - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
      IDENTIFIERs that OBJ_obj2txt will translate in
      crypto/objects/obj_dat.c.
    - CVE-2023-2650
  * Replace CVE-2022-4304 fix with improved version
    - debian/patches/revert-CVE-2022-4304.patch: remove previous fix.
    - debian/patches/CVE-2022-4304.patch: use alternative fix in
      crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
      crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.

Date: Wed, 24 May 2023 13:04:49 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.8-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Wed, 24 May 2023 13:04:49 -0400
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.8-1ubuntu3
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 openssl (3.0.8-1ubuntu3) mantic; urgency=medium
 .
   * SECURITY UPDATE: DoS in AES-XTS cipher decryption
     - debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
       crypto/aes/asm/aesv8-armx.pl.
     - CVE-2023-1255
   * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
     - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
       IDENTIFIERs that OBJ_obj2txt will translate in
       crypto/objects/obj_dat.c.
     - CVE-2023-2650
   * Replace CVE-2022-4304 fix with improved version
     - debian/patches/revert-CVE-2022-4304.patch: remove previous fix.
     - debian/patches/CVE-2022-4304.patch: use alternative fix in
       crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
       crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.
Checksums-Sha1:
 1fd07038446d541c56749aad0a2a52af0994d26d 2474 openssl_3.0.8-1ubuntu3.dsc
 8825b7a18c55a899d8129067f2d771e4f9c2f955 131584 openssl_3.0.8-1ubuntu3.debian.tar.xz
 6a8ef3cc8e6890a0bcad6023ed2f9d7d9571374c 6157 openssl_3.0.8-1ubuntu3_source.buildinfo
Checksums-Sha256:
 ed13bea0d16c8ba1b3807fd286522cb6f877c0287a94681075cd7510f142c945 2474 openssl_3.0.8-1ubuntu3.dsc
 fdbccf949fe58e99c2504b70122eab61bcfd64cacddd4c934aef5013206fe7d1 131584 openssl_3.0.8-1ubuntu3.debian.tar.xz
 26f3eddad71bbd6a5b6ac2c00c80d668a92c7efb52e8771c806a2fa314fb18b3 6157 openssl_3.0.8-1ubuntu3_source.buildinfo
Files:
 02f728a1be1b5aaf3195461f6d4c6092 2474 utils optional openssl_3.0.8-1ubuntu3.dsc
 74a7c33504be67c32268fdfd94c44921 131584 utils optional openssl_3.0.8-1ubuntu3.debian.tar.xz
 40dff4c8dc95b267ee2aa10798fec1e3 6157 utils optional openssl_3.0.8-1ubuntu3_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

More information about the mantic-changes mailing list