Format: 1.8 Date: Tue, 30 Sep 2025 16:17:50 -0230 Source: openssl Built-For-Profiles: noudeb Architecture: source Version: 3.5.3-1ubuntu2 Distribution: questing Urgency: medium Maintainer: Ubuntu Developers Changed-By: Hlib Korzhynskyy Changes: openssl (3.5.3-1ubuntu2) questing; urgency=medium . * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped key size in crypto/cms/cms_pwri.c. - CVE-2025-9230 * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM - debian/patches/CVE-2025-9231-1.patch: use constant time modular inversion in crypto/ec/ecp_sm2p256.c. - debian/patches/CVE-2025-9231-2.patch: remove unused code in crypto/ec/ecp_sm2p256.c. - CVE-2025-9231 * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte in crypto/http/http_lib.c. - CVE-2025-9232 Checksums-Sha1: 2d1d7c5413cd12d6d62ae0c6ae7954ac519829f2 2600 openssl_3.5.3-1ubuntu2.dsc b17291fdfec2262564659dc02af4a91acd31da20 67424 openssl_3.5.3-1ubuntu2.debian.tar.xz 3a0073b9cdddd69e6a8895b318074bbda584d7cc 6458 openssl_3.5.3-1ubuntu2_source.buildinfo Checksums-Sha256: 4eac20d0794e772ce44e4f08ff1ad10bead35eb2d8ab872240d88fbe71d7ceb3 2600 openssl_3.5.3-1ubuntu2.dsc aad93da3c75450bf06227e59fd3267fc08094e7bacfcb98dcd3944917a0222b8 67424 openssl_3.5.3-1ubuntu2.debian.tar.xz 0e9ca1fc8ddb1423cb97800e9490a7953e6fc437dd6843ea46970acf335ceba3 6458 openssl_3.5.3-1ubuntu2_source.buildinfo Files: c0d6985ae2f17bb5fb4813a3b6532ce7 2600 utils optional openssl_3.5.3-1ubuntu2.dsc 846edd23558a68dfaadb3c29ddccd02f 67424 utils optional openssl_3.5.3-1ubuntu2.debian.tar.xz 4073830422f4930a4bfb16222daf26bb 6458 utils optional openssl_3.5.3-1ubuntu2_source.buildinfo Original-Maintainer: Debian OpenSSL Team