[Git][security-tracker-team/security-tracker][master] Track fixed version for openssl via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 27 21:44:40 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b3b09ce by Salvatore Bonaccorso at 2026-01-27T22:44:13+01:00
Track fixed version for openssl via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -330,7 +330,7 @@ CVE-2026-24881 (In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData mes
- gnupg2 <not-affected> (Vulnerable code not present)
NOTE: https://dev.gnupg.org/T8044
CVE-2025-11187 (Issue summary: PBMAC1 parameters in PKCS#12 files are missing validati ...)
- - openssl <unfixed>
+ - openssl 3.5.5-1
[trixie] - openssl 3.5.4-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code introduced later)
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
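Review bot: CVE-2025-11187 now records fixed versions for unstable (`- openssl 3.5.5-1`) and for trixie (`[trixie] - openssl 3.5.4-1~deb13u2`), but there is no DSA cross-reference line between the CVE header and the package lines, unlike CVE-2025-15467 further down, which carries `{DSA-6113-1}`. If the trixie upload went out through an advisory, the cross-reference looks missing here. If it did not, a NOTE saying how 3.5.4-1~deb13u2 reached trixie would make the entry self-explanatory.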
@@ -340,7 +340,7 @@ CVE-2025-11187 (Issue summary: PBMAC1 parameters in PKCS#12 files are missing va
NOTE: Testcases: https://github.com/openssl/openssl/commit/c716acac5e0e2216bcf3ab54036f0ef31ebe1b52 (openssl-3.5.5)
CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData message with maliciously ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc (openssl-3.5.5)
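Review bot: after this change CVE-2025-15467 shows only the unstable version and a `[bullseye]` not-affected line. No `[trixie]` or `[bookworm]` line is visible, although the NOTE lines for this entry cite fixes in both openssl-3.5.5 and openssl-3.0.19. Please confirm that the fixed versions for those two releases are recorded with `{DSA-6113-1}`, so that the entry does not read as fixed only in 3.5.5-1.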
@@ -350,21 +350,21 @@ CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData message with malici
NOTE: Fixed by: https://github.com/openssl/openssl/commit/cdccf8f2ef17ae020bd69360c43a39306b89c381 (openssl-3.0.19)
NOTE: Test: https://github.com/openssl/openssl/commit/e0666f72294691a808443970b654412a6d92fa0f (openssl-3.0.19)
CVE-2025-15468 (Issue summary: If an application using the SSL_CIPHER_find() function ...)
- - openssl <unfixed>
+ - openssl 3.5.5-1
[trixie] - openssl 3.5.4-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code introduced later)
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65 (openssl-3.5.5)
CVE-2025-15469 (Issue summary: The 'openssl dgst' command-line tool silently truncates ...)
- - openssl <unfixed>
+ - openssl 3.5.5-1
[trixie] - openssl 3.5.4-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code introduced later)
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61 (openssl-3.5.5)
CVE-2025-66199 (Issue summary: A TLS 1.3 connection using certificate compression can ...)
- - openssl <unfixed>
+ - openssl 3.5.5-1
[trixie] - openssl 3.5.4-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code introduced later)
[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
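Review bot: the three entries touched here (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199) mark bookworm and bullseye as `<not-affected> (Vulnerable code introduced later)`, but the visible NOTE lines give only the advisory URL and the `Fixed by` commit. While these entries are being edited, consider adding a NOTE that names the introducing commit or upstream release, so the not-affected claim can be checked against the versions shipped in those releases.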
@@ -372,43 +372,43 @@ CVE-2025-66199 (Issue summary: A TLS 1.3 connection using certificate compressio
NOTE: Fixed by: https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5 (openssl-3.5.5)
CVE-2025-68160 (Issue summary: Writing large, newline-free data into a BIO chain using ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6 (openssl-3.0.19)
CVE-2025-69418 (Issue summary: When using the low-level OCB API directly with AES-NI o ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347 (openssl-3.0.19)
CVE-2025-69419 (Issue summary: Calling PKCS12_get_friendlyname() function on a malicio ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296 (openssl-3.0.19)
CVE-2025-69420 (Issue summary: A type confusion vulnerability exists in the TimeStamp ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a (openssl-3.0.19)
CVE-2025-69421 (Issue summary: Processing a malformed PKCS#12 file can trigger a NULL ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7 (openssl-3.0.19)
CVE-2026-22795 (Issue summary: An invalid or NULL pointer dereference can happen in an ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49 (openssl-3.0.19)
CVE-2026-22796 (Issue summary: A type confusion vulnerability exists in the signature ...)
{DSA-6113-1}
- - openssl <unfixed>
+ - openssl 3.5.5-1
NOTE: https://openssl-library.org/news/secadv/20260127.txt
NOTE: Fixed by: https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4 (openssl-3.5.5)
NOTE: Fixed by: https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49 (openssl-3.0.19)
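Review bot: CVE-2026-22795 and CVE-2026-22796 cite the same two `Fixed by` commits (2502e7b7d4c0 for openssl-3.5.5 and 572844beca95 for openssl-3.0.19). That is correct if one upstream commit addresses both issues, but it is also what a copy-paste slip looks like, so it is worth checking both entries against the advisory linked in their NOTE lines. The seven `- openssl 3.5.5-1` substitutions in this hunk are otherwise uniform.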
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b3b09cebbe9e29d4a294f287e381c021301f083