[ubuntu/questing-proposed] openssl 3.5.3-1ubuntu2 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Wed Oct 1 16:55:34 UTC 2025


openssl (3.5.3-1ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
    - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
      key size in crypto/cms/cms_pwri.c.
    - CVE-2025-9230
  * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM
    - debian/patches/CVE-2025-9231-1.patch: use constant time modular
      inversion in crypto/ec/ecp_sm2p256.c.
    - debian/patches/CVE-2025-9231-2.patch: remove unused code in
      crypto/ec/ecp_sm2p256.c.
    - CVE-2025-9231
  * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling
    - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte
      in crypto/http/http_lib.c.
    - CVE-2025-9232

Date: Tue, 30 Sep 2025 16:17:50 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.5.3-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 30 Sep 2025 16:17:50 -0230
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.5.3-1ubuntu2
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

