new: {} removed: {} changed: ['libssl1.0.0:amd64', 'libssl1.1:amd64', 'openssl'] new snaps: {} removed snaps: {} changed snaps: [] ==== openssl: 1.1.1-1ubuntu2.1~18.04.21 => 1.1.1-1ubuntu2.1~18.04.22 ==== ==== libssl1.1:amd64 openssl * SECURITY UPDATE: excessive resource use when verifying policy constraints - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created in a policy tree (the default limit is set to 1000 nodes). - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy resource overuse. - debian/patches/CVE-2023-0464-3.patch: disable the policy tree exponential growth test conditionally. - CVE-2023-0464 * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs. - debian/patches/CVE-2023-0465-2.patch: generate some certificates with the certificatePolicies extension. - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test. - CVE-2023-0466 * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy not enabled as documented - debian/patches/CVE-2023-0466.patch: fix documentation of X509_VERIFY_PARAM_add0_policy(). - CVE-2023-0466 ==== openssl1.0: 1.0.2n-1ubuntu5.11 => 1.0.2n-1ubuntu5.12 ==== ==== libssl1.0.0:amd64 * SECURITY UPDATE: excessive resource use when verifying policy constraints - debian/patches/CVE-2023-0464.patch: limit the number of nodes created in a policy tree (the default limit is set to 1000 nodes). - CVE-2023-0464 * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates - debian/patches/CVE-2023-0465.patch: ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs. - CVE-2023-0466 * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy not enabled as documented - debian/patches/CVE-2023-0466.patch: fix documentation of X509_VERIFY_PARAM_add0_policy(). - CVE-2023-0466