[Git][security-tracker-team/security-tracker][master] Add new openssl issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 7 17:59:15 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e12d846a by Salvatore Bonaccorso at 2026-04-07T18:58:45+02:00
Add new openssl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2026-28386 [Out-of-bounds read in AES-CFB-128 on X86-64 with AVX-512 support]
+ - openssl <unfixed>
+ [trixie] - openssl <not-affected> (Vulnerable code introduced later)
+ [bookworm] - openssl <not-affected> (Vulnerable code introduced later)
+ [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
+CVE-2026-28387 [Potential use-after-free in DANE client code]
+ - openssl <unfixed>
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
+CVE-2026-28388 [NULL Pointer Dereference When Processing a Delta CRL]
+ - openssl <unfixed>
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
+CVE-2026-28389 [Possible NULL dereference when processing CMS KeyAgreeRecipientInfo]
+ - openssl <unfixed>
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
+CVE-2026-28390 [Possible NULL dereference when processing CMS KeyTransportRecipientInfo]
+ - openssl <unfixed>
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
+CVE-2026-31789 [Heap buffer overflow in hexadecimal conversion]
+ - openssl <unfixed>
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
+CVE-2026-31790 [Incorrect failure handling in RSA KEM RSASVE encapsulation]
+ - openssl <unfixed>
+ NOTE: https://openssl-library.org/news/secadv/20260407.txt
CVE-2026-33034 [Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass]
- python-django <unfixed> (bug #1132927)
NOTE: https://www.djangoproject.com/weblog/2026/apr/07/security-releases/
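Review bot: The CVE-2026-28386 entry marks trixie, bookworm and bullseye as <not-affected> with the reason "Vulnerable code introduced later", but nothing in the entry records which upstream release or commit introduced that code, so the triage cannot be checked from the list alone. A NOTE line naming the introducing change would fix that. The six entries after it (CVE-2026-28387 through CVE-2026-31790) carry only "- openssl <unfixed>" and the shared advisory URL. Unlike the python-django context entry with its "(bug #1132927)", they have no bug reference and no per-release status, so each suite's exposure is still open. A follow-up should add per-issue NOTE lines for the fixing commits and a tracking bug once one is filed.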
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e12d846aa0985bcfe4810f01d5426d23c1d86129