[Git][security-tracker-team/security-tracker][master] Reserve DSA number for openssl update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 9 22:41:12 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27a9c904 by Salvatore Bonaccorso at 2026-06-09T23:41:00+02:00
Reserve DSA number for openssl update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -968,16 +968,19 @@ CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with a
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42769 (Issue Summary: An error in the callback used to verify the certificate ...)
 	- openssl <unfixed>
+	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42768 (Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnera ...)
 	- openssl <unfixed>
+	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate Management Prot ...)
 	- openssl <unfixed>
+	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS message can  ...)
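Review bot: CVE-2026-42767 keeps "[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)" although the data/DSA/list entry added in this same commit ships a bookworm upload, openssl 3.0.20-1~deb12u2. If that upload carries the fix, replace the no-dsa line with the fixed version. If it does not, a short NOTE saying the fix was left out of 3.0.20-1~deb12u2 would stop the entry from looking stale.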
@@ -991,6 +994,7 @@ CVE-2026-42765 (Issue summary: When a partial-chain certificate verification is
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform sufficient ...)
 	- openssl <unfixed>
+	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1008,6 +1012,7 @@ CVE-2026-45445 (Issue summary: When an application drives an AES-OCB context thr
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid token m ...)
 	- openssl <unfixed>
+	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1019,6 +1024,7 @@ CVE-2026-35188 (Issue summary: A malicious server can exploit TLS OCSP stapling
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34183 (Issue summary: Remote peer may exhaust heap memory of the QUIC server  ...)
 	- openssl <unfixed>
+	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[09 Jun 2026] DSA-6335-1 openssl - security update
+	{CVE-2026-7383 CVE-2026-9076 CVE-2026-34180 CVE-2026-34182 CVE-2026-42766 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447}
+	[bookworm] - openssl 3.0.20-1~deb12u2
+	[trixie] - openssl 3.5.6-1~deb13u2
 [09 Jun 2026] DSA-6334-1 poppler - security update
 	{CVE-2025-43718 CVE-2025-52885 CVE-2026-10118}
 	[bookworm] - poppler 22.12.0-2+deb12u2
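Review bot: the brace list for DSA-6335-1 does not include CVE-2026-42769, CVE-2026-42768, CVE-2026-42767, CVE-2026-34181, CVE-2026-42764 or CVE-2026-34183, which the data/CVE/list hunks mark as fixed in the same trixie version, 3.5.6-1~deb13u2. Please confirm the omission is intended; if these are meant to be covered by the advisory, add them to the list so the DSA cross-reference matches what the trixie upload fixes.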


=====================================
data/dsa-needed.txt
=====================================
@@ -81,9 +81,6 @@ nss/oldstable
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
-openssl (carnil)
-  Maintainer prepared update
---
 pdfminer (carnil)
   Required followup for CVE-2025-64512 as original fix was incomplete.
 --
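Review bot: the commit subject mentions only reserving the DSA number, but this hunk also removes the openssl entry from dsa-needed.txt, and the data/CVE/list hunks record trixie fixed versions. A line in the commit body naming those two changes would make them easier to find in the history.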



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a9c904d5efb636307e3b6d076d67901113f0a1
