-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4540-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff October 01, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl1.0 CVE ID : CVE-2019-1547 CVE-2019-1563 Two security issues were discovered in OpenSSL: A timing attack against ECDSA and a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey(). For the oldstable distribution (stretch), these problems have been fixed in version 1.0.2t-1~deb9u1. We recommend that you upgrade your openssl1.0 packages. For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2TtGMACgkQEMKTtsN8 TjYZTw/+JisOYAtLOfpOmnge6A9mqR06jiFKpA2ywuyJzZUSlu3SxDaUIkZa/czi NHUcSAFI0KLqy/WgFEA7+dOwFLBEYrfkxufN17XwUALdoacCwH6tpMly9ePmwagl +M9p5m+C3NwTHZjVeGRlnFAaXfHnwbIbKthaxl9dU1E18BX49aKdocDpCWt2CnUe ieWr0VRi9G5vYPBgoEeQHgTd6oAxCVxbKX3qxE1TAdLAdutcaWyhkmBfxHjrTr6n +2T4KxwUT99+AxRXt16FMW+MVtJeUbyXq3SahXkBQiEPuC6Ihh2UVIB7Oe4b14nu 9cRmwvDaAMb0OWM+rWN5K908evAv1E8IjJXU1YrF8s2apNhobJ4ILBQ1a7wUx6BU 2r9L+4tVvOSdHZlbtmRhz+6b32M8sXrtsaKvq5sjK5qd5gK70Em1QPBxj5Tf49Wq qkFPj+afPxQumERZDKnzjOUhtcQIuXtnTyWb0T4sGmlx/1dPVjYEQb8U3ZpIA7hG i+YYklv+7ztxWXltE35J6FsUmer9hiK7gIjBzOAJtR5Yz0MQ4oSd/FVFTl462Xpr 1Zby3+aHEMUTjlyJTSSkVARgk8DxfMHa99zsLBUQESrdu+Gmv5OdP7ETG0upGbI+ NBfInON1OlJYvhNxDbNVOt7vcy3Y4c/cYqK4Uwdn4UYpQc/bQKs= =wPH3 -----END PGP SIGNATURE-----