[From nobody Fri Apr 17 09:09:06 2026 Received: (at 1130650-close) by bugs.debian.org; 17 Apr 2026 08:08:57 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 129; hammy, 150; neutral, 290; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:50132) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wDeG1-00DQ2o-0H for 1130650-close@bugs.debian.org; Fri, 17 Apr 2026 08:08:57 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wDeFz-006hwi-2s for 1130650-close@bugs.debian.org; Fri, 17 Apr 2026 08:08:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=75WqFgFqUzvfaNAis8noYSHDdQvyIT5BxyST4/WXYX0=; b=s05FiYFuf+pp1BUA3gnrzdFbMM HX1e73iWC3L3hPbe5fVyqrDDGT9/byamZRzDdcj06mc7CGsz6u9Va8alm60CFNR9ZT/+hIj58P2EJ 9f48+FfQLSkNy6QcjkHnOKMj7PLkcoHJq0mJHdBOW37irJJaUzMP98bHJqIIl/GKcPUGQG4/vvvDZ +3J3EHv+q0iG2eeFaoJEbPSn/k+efyolhpPbiz30TP6oCDxxnqJ917x4FsAyovMiZH4612op/VEj/ Sap4HCtgf0IexuWJjopnt90jzRNFE9ucCqQW8F7/0z5+mDleV9UV9n9UFgedFjco6BV9ElO9+Wox6 NTE5NDKA==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wDeFy-0000000At0P-44l4; Fri, 17 Apr 2026 08:08:54 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> To: 1130650-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: openssl Debian: DAK Debian-Changes: openssl_4.0.0-1_amd64.changes Debian-Source: openssl Debian-Version: 4.0.0-1 Debian-Architecture: source amd64 all Debian-Suite: experimental Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1130650: fixed in openssl 4.0.0-1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============7334434700722035680==" Message-Id: <E1wDeFy-0000000At0P-44l4@fasolo.debian.org> Date: Fri, 17 Apr 2026 08:08:54 +0000 --===============7334434700722035680== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: openssl Source-Version: 4.0.0-1 Done: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> We believe that the bug you reported is fixed in the latest version of openssl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1130650@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated open= ssl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 16 Apr 2026 20:31:23 +0200 Source: openssl Binary: libcrypto4-udeb libssl-dev libssl-doc libssl4 libssl4-dbgsym libssl4-= udeb openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsy= m openssl-provider-legacy openssl-provider-legacy-dbgsym Architecture: source amd64 all Version: 4.0.0-1 Distribution: experimental Urgency: medium Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net> Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Description: libcrypto4-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl4 - Secure Sockets Layer toolkit - shared libraries libssl4-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utili= ty Closes: 1130650 Changes: openssl (4.0.0-1) experimental; urgency=3Dmedium . * Import 4.0.0 - CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agree= ment group") (Closes: #1130650). - CVE-2026-28387 ("Potential use-after-free in DANE client code") - CVE-2026-28389 ("Possible NULL dereference when processing CMS KeyAgreeRecipientInfo") - CVE-2026-28390 ("Possible NULL dereference when processing CMS KeyTransportRecipient Info") - CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion") - CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE encapsulation") - CVE-2026-28386 ("Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-= 512 Support") - CVE-2026-28388 ("NULL Pointer Dereference When Processing a Delta CRL") Checksums-Sha1: 1ef1e742dae5bdbd915958612b4ab690757e0e64 2669 openssl_4.0.0-1.dsc e59dde5179c4eae7ecc4f0530db8774d59558d22 55046677 openssl_4.0.0.orig.tar.gz 4f0ccddaf7823ca1d383b2c45067830a06be040f 833 openssl_4.0.0.orig.tar.gz.asc cbc5bc14b89106416bad69ffbd82649cadfd95c8 48000 openssl_4.0.0-1.debian.tar.xz ac58f45c4bec3d2015507c6b791ca6047a90ac21 2030876 libcrypto4-udeb_4.0.0-1_amd= 64.udeb f478737d63978c7135e725967dda6994bfb73237 3010088 libssl-dev_4.0.0-1_amd64.deb da4b9fd3f3041f56350586765700a36635eba08f 2277348 libssl-doc_4.0.0-1_all.deb 7bf4c634f00712aae01960c732375dbbd6b105e8 6231196 libssl4-dbgsym_4.0.0-1_amd6= 4.deb a8103b4fe712f5504e0e56874f3c44c1b9e6f985 403360 libssl4-udeb_4.0.0-1_amd64.u= deb db640de881b2d199f1b8a4a679b4e427d9f90465 2451476 libssl4_4.0.0-1_amd64.deb 70af3adb2339887602fbd5fadfa892269b07883a 767832 openssl-dbgsym_4.0.0-1_amd64= .deb 2a19f516416cb03303de2058bfd86a0ff83416da 1947468 openssl-provider-fips-dbgsy= m_4.0.0-1_amd64.deb 1549e4da85c51504ba3796e2d614ec812bfa2d2c 1154520 openssl-provider-fips_4.0.0= -1_amd64.deb 5b575763746ccefa9c87234cbf431eaf10c22ea6 106108 openssl-provider-legacy-dbgs= ym_4.0.0-1_amd64.deb 72195d2848969867852a49d34fb492f56f0aeb23 323184 openssl-provider-legacy_4.0.= 0-1_amd64.deb 20a441987359b7ea8a88bb1d99783a94a2e4b861 8916 openssl_4.0.0-1_amd64.buildinfo 6a4fa9ee8adbc8e1484531b1e90c7549e9ea28e6 1548556 openssl_4.0.0-1_amd64.deb Checksums-Sha256: 7a3a723a0861fe2ced4355aaffda5529f6c3e9a74c7e2080e321e69cef279668 2669 openss= l_4.0.0-1.dsc c32cf49a959c4f345f9606982dd36e7d28f7c58b19c2e25d75624d2b3d2f79ac 55046677 op= enssl_4.0.0.orig.tar.gz 5d107fa7d63e4374f0268fbe4442d29edd62574311160e5ed29974f22dc1dc46 833 openssl= _4.0.0.orig.tar.gz.asc 0f9b9f6d32f1e639700e1054c2847ba0a096ac770a5cdd852df76a0527c5d9b3 48000 opens= sl_4.0.0-1.debian.tar.xz e5c0f822a549c2aed58060eecea37b65c837dedf5a00f51e9be2ad710e8c6f62 2030876 lib= crypto4-udeb_4.0.0-1_amd64.udeb e5e8c971ec4c774b5b0cef242152fb5612fbde361cee92935ee1a04c97f7789b 3010088 lib= ssl-dev_4.0.0-1_amd64.deb c2d4b5b18cad8ae64448f9da939b9631508a857832e3bc33502f7fe0beaca7a8 2277348 lib= ssl-doc_4.0.0-1_all.deb fc7e9dac33ef7d77e9901777737e5633e8894af2c7103b03bfb9ed2f3f99fde8 6231196 lib= ssl4-dbgsym_4.0.0-1_amd64.deb 6e792e647f58e98b468c6cc2d77dbe20be50820345408348501c095f334e8ffb 403360 libs= sl4-udeb_4.0.0-1_amd64.udeb 6c12125e515c8030cbb475e56eef2960c5753d6f7cd40cecbd385fcd67d5a434 2451476 lib= ssl4_4.0.0-1_amd64.deb 1ca0fd6b5593b83ffedfedfb6519280ae44893ab990ad07a707689f11cf69499 767832 open= ssl-dbgsym_4.0.0-1_amd64.deb 54f2e58157df53e34836415b071b9deb583d6e6020126f44b3e13170aa0bd200 1947468 ope= nssl-provider-fips-dbgsym_4.0.0-1_amd64.deb 843f4c005515058c8f2813483a936911f866158d81e73b98ceabd5207d60a05d 1154520 ope= nssl-provider-fips_4.0.0-1_amd64.deb 6fa6f514792eff30bed296fee1f7b8c010bf0b01b47356ea247cda95a89cff66 106108 open= ssl-provider-legacy-dbgsym_4.0.0-1_amd64.deb 78e78ae903b3da79c1f9282654d89a8df24236ef3e24001039ce331c970048bb 323184 open= ssl-provider-legacy_4.0.0-1_amd64.deb 79e75720a7202459d04e0dffa07f0e715cb4a879729679809415ca2ab7acb7fe 8916 openss= l_4.0.0-1_amd64.buildinfo 5c8bf22c8be47b59a803408f396e7628f797875caa5e15e55c505a55f702cce0 1548556 ope= nssl_4.0.0-1_amd64.deb Files: 379c8134cb6107b4971f05c1ffd4e3eb 2669 utils optional openssl_4.0.0-1.dsc f26714e6398a2d921fc5616daaa75231 55046677 utils optional openssl_4.0.0.orig.= tar.gz 7b8faa281f47f17edc39749e57ccb349 833 utils optional openssl_4.0.0.orig.tar.g= z.asc 03cd1deed01c53ae3748952e08903040 48000 utils optional openssl_4.0.0-1.debian= .tar.xz a395242b30108e314436de298680f44c 2030876 debian-installer optional libcrypto= 4-udeb_4.0.0-1_amd64.udeb 60ad3b2016dd7ec3d48a7a659a78402b 3010088 libdevel optional libssl-dev_4.0.0-= 1_amd64.deb a75be953d2cf0a6862790e77980cf01b 2277348 doc optional libssl-doc_4.0.0-1_all= .deb 5da285b7ec74a3a85e4cb716e7b4dbb3 6231196 debug optional libssl4-dbgsym_4.0.0= -1_amd64.deb 050c29f97a61a99fabb7ce8c3bece2ad 403360 debian-installer optional libssl4-ud= eb_4.0.0-1_amd64.udeb 6005cde3da5ba55be15f98790400025c 2451476 libs optional libssl4_4.0.0-1_amd64= .deb 91f1e87be0f1bf2c858e8215e204f48d 767832 debug optional openssl-dbgsym_4.0.0-= 1_amd64.deb d4fd16185081173e0d4c6af7949d4f59 1947468 debug optional openssl-provider-fip= s-dbgsym_4.0.0-1_amd64.deb 68e24658898bb57a2494e97e2a918148 1154520 utils optional openssl-provider-fip= s_4.0.0-1_amd64.deb a32e243f890f03f5988d260b628f893d 106108 debug optional openssl-provider-lega= cy-dbgsym_4.0.0-1_amd64.deb 88d709984fd6dbd184358b2aa212aeb2 323184 utils optional openssl-provider-lega= cy_4.0.0-1_amd64.deb 20e834d690a4efc0cc658bb17b975029 8916 utils optional openssl_4.0.0-1_amd64.b= uildinfo 7d2408629a79e14d1d0813bcd3562eda 1548556 utils optional openssl_4.0.0-1_amd6= 4.deb -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmnhyakACgkQBWQfF1cS +ltczwwAp6SfOFx8BEjfIPByS1mlH19ZhYvhO4EDPTp8KNqLZBmg7XA2TVhAkXd+ ck9l9QJTXhu0EBTZAXWqlG4m1P0e26G5vPIhOVyMKYNs+XhrEfpu9P4wt5U59uP7 tR2iqwRmYqpCR9NPE16UVPGeUdHNexDTT06tbwpcVcvdEwpYnhZKbBfjkimVh74I LcGPzHUxF6iZgs72AzSw1VQ9cWFq18GL6D7xMRy6c1Ax4TNJkUK+KCSLJjIrVi7K PQobRnIp4gguuCuLscNUoC1dveaMRUgfVUvv81I3auhFWwSk2xLj4J9/XiGF2Kl8 YSIdq6A1MSXwxMTfCHF0agB6bHiZp30KlK/4GHPohzo16TNx7Xo9TGk0960ok6Yw 7pFU8vh6ygwbcAIbcfN+9NwoMsmwW6EUmpFVyuV1PzjYn+1VmUtpWkHDae8AodV3 cSxkQntF7jj2hEqRvg1xN6jvpYuAe+aXPeZuMRUIhVMlek4GdRcbgo7GuDxhWS5v YjOFi9cP =3D6I32 -----END PGP SIGNATURE----- --===============7334434700722035680== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaeHqlgAKCRCb9qggYcy5 IXnjAP90fqKx8zLY+CWk+i+Sn43/csp2i4Pp8fnlmdutmFi5qQD+MP52p3/esnVM ve2nIWqpTS8S60DfweEHXzmJPA/J0Qk= =pSmA -----END PGP SIGNATURE----- --===============7334434700722035680==-- ]