Univention Bugzilla – Bug 50683
openssl1.0: Multiple issues (4.3)
Last modified: 2020-01-15 17:20:57 CET
New Debian openssl1.0 1.0.2u-1~deb9u1 fixes: This update addresses the following issues: * side-channel weak encryption vulnerability (CVE-2019-1547) * information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) * Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)
--- mirror/ftp/4.3/unmaintained/4.3-5/source/openssl1.0_1.0.2t-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/openssl1.0_1.0.2u-1~deb9u1.dsc @@ -1,3 +1,8 @@ +1.0.2u-1~deb9u1 [Mon, 23 Dec 2019 23:24:17 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Import 1.0.2u + - CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure). + 1.0.2t-1~deb9u1 [Fri, 27 Sep 2019 21:49:56 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: * Import 1.0.2t <http://10.200.17.11/4.3-5/#5714330615747613225>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-5] 6f2b3d6af1 Bug #50683: openssl1.0 1.0.2u-1~deb9u1 doc/errata/staging/openssl1.0.yaml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) [4.3-5] e6ef36eca1 Bug #50683: openssl1.0 1.0.2u-1~deb9u1 doc/errata/staging/openssl1.0.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.3/630.html>