[Git][security-tracker-team/security-tracker][master] Add references for openssl issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 10 15:16:24 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e7035cf by Salvatore Bonaccorso at 2026-06-10T16:16:04+02:00
Add references for openssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1352,6 +1352,7 @@ CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and AES
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/71e2a5d263518cf5866043bd60ee4994d59e53a3 (openssl-3.0.21)
 CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an a ...)
 	- openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
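Review bot: The new Fixed by line for CVE-2026-45446 records only a commit tagged openssl-3.0.21, and neither the entry nor the commit summary ("Add references for openssl issues") says whether other upstream branches carry a fix. Since the package line still reads "- openssl <unfixed>", consider adding the corresponding commits for the other release branches as further "NOTE: Fixed by:" lines with their own tags, or stating that only the 3.0 series is referenced so far.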
@@ -1359,6 +1360,7 @@ CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with a
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2 (openssl-3.0.21)
 CVE-2026-42769 (Issue Summary: An error in the callback used to verify the certificate ...)
 	- openssl <unfixed>
 	[trixie] - openssl 3.5.6-1~deb13u2
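Review bot: CVE-2026-42769, directly below the new CVE-2026-42770 note, gets no Fixed by reference in the lines shown here, although it already lists a fixed trixie version (3.5.6-1~deb13u2). If that is because the 3.0 series is not affected, a short NOTE saying so would make the omission visibly intentional; otherwise the upstream commit is worth adding alongside the others.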
@@ -1376,10 +1378,13 @@ CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate Managemen
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046 (openssl-3.0.21)
 CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS message can  ...)
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/3ff64913615d648cfbb6a6f1cf5529ae7ea829d7 (openssl-3.0.21)
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/ba699b606969d20a108dda3cfe5422d4cc94eefb (openssl-3.0.21)
 CVE-2026-42765 (Issue summary: When a partial-chain certificate verification is enable ...)
 	- openssl <unfixed>
 	[trixie] - openssl <not-affected> (Vulnerable code not present)
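Review bot: For CVE-2026-42767 the added reference is tagged openssl-3.0.21, but the only fixed version in the entry is the trixie upload 3.5.6-1~deb13u2, and bookworm is marked <no-dsa>. Adding the matching upstream commit for the branch the trixie version comes from would let a reader check that fix against upstream too, instead of only the 3.0 series commit.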
@@ -1396,18 +1401,22 @@ CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure wit
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/cbe418ae978539cf14a398a207dba834c0e93e83 (openssl-3.0.21)
 CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ...)
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6 (openssl-3.0.21)
 CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the destination b ...)
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974 (openssl-3.0.21)
 CVE-2026-45445 (Issue summary: When an application drives an AES-OCB context through t ...)
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/323f0b6e7d530a4cb4336d50c88cb70f3ac2a451 (openssl-3.0.21)
 CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid token m ...)
 	- openssl <unfixed>
 	[trixie] - openssl 3.5.6-1~deb13u2
@@ -1430,10 +1439,14 @@ CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing f
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/03c1f4d45fb963aee7d5833390c507cd290182bc (openssl-3.0.21)
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/f48adad79a21fed9bfc31ea3ef65bee810e12ddd (openssl-3.0.21)
 CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ...)
 	{DSA-6335-1}
 	- openssl <unfixed>
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 (openssl-3.0.21)
+	NOTE: Fixed by: https://github.com/openssl/openssl/commit/18de9aba8294b5fb0915866cf3a1bb45f9599b8d (openssl-3.0.21)
 CVE-2026-42488
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-494.html
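Review bot: CVE-2026-34182 and CVE-2026-45447 each get two Fixed by commits with the same openssl-3.0.21 tag and no hint of how the two relate (fix plus follow-up, prerequisite, or test). A short qualifier after each URL, or a remark on ordering, would tell anyone backporting whether both commits are required and in which order they apply.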



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e7035cfc76f98be70131ea832043f2760ef879d
