[Git][security-tracker-team/security-tracker][master] Add reference to reported openssl issue for CVE fixes

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 11 06:24:45 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd7d60bd by Salvatore Bonaccorso at 2026-06-11T07:24:19+02:00
Add reference to reported openssl issue for CVE fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1622,7 +1622,7 @@ CVE-2016-20062 (Simply Poll 1.4.1 plugin for WordPress contains an SQL injection
 	NOT-FOR-US: WordPress plugin
 CVE-2026-45446 (Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/71e2a5d263518cf5866043bd60ee4994d59e53a3 (openssl-3.0.21)
 CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an a ...)
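Review bot: CVE-2026-42771, whose header closes this hunk, does not get the bug reference. The single line directly below that header (old line 1629) falls between this hunk and the next and is left unchanged, while the entry's NOTE points to the same 20260609 advisory as the entries edited here. If that line is also "- openssl <unfixed>", add "(bug #1139674)" there too; if the entry is excluded on purpose, say so in the commit message.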
@@ -1630,86 +1630,86 @@ CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called b
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2 (openssl-3.0.21)
 CVE-2026-42769 (Issue Summary: An error in the callback used to verify the certificate ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42768 (Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnera ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate Management Prot ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/61a86a8cd73546c9fea916f3d304c1293e05c046 (openssl-3.0.21)
 CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS message can  ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/3ff64913615d648cfbb6a6f1cf5529ae7ea829d7 (openssl-3.0.21)
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/ba699b606969d20a108dda3cfe5422d4cc94eefb (openssl-3.0.21)
 CVE-2026-42765 (Issue summary: When a partial-chain certificate verification is enable ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl <not-affected> (Vulnerable code not present)
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform sufficient ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34180 (Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/cbe418ae978539cf14a398a207dba834c0e93e83 (openssl-3.0.21)
 CVE-2026-9076 (Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6 (openssl-3.0.21)
 CVE-2026-7383 (Issue summary: A signed integer overflow when sizing the destination b ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974 (openssl-3.0.21)
 CVE-2026-45445 (Issue summary: When an application drives an AES-OCB context through t ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/323f0b6e7d530a4cb4336d50c88cb70f3ac2a451 (openssl-3.0.21)
 CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid token m ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-35188 (Issue summary: A malicious server can exploit TLS OCSP stapling by del ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl <not-affected> (Vulnerable code not present)
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34183 (Issue summary: Remote peer may exhaust heap memory of the QUIC server  ...)
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2
 	[bookworm] - openssl <not-affected> (Vulnerable code not present)
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing fails t ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/03c1f4d45fb963aee7d5833390c507cd290182bc (openssl-3.0.21)
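Review bot: For CVE-2026-42765 and CVE-2026-35188 the bug reference is added even though trixie, bookworm and bullseye are all marked "<not-affected> (Vulnerable code not present)", so on those two entries "- openssl <unfixed> (bug #1139674)" makes a claim only about the version in unstable. Confirm that #1139674 actually covers these two CVEs; if the report is limited to the issues handled by DSA-6335-1 or the trixie update, leave the reference off these entries.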
@@ -1717,7 +1717,7 @@ CVE-2026-34182 (Issue Summary: Cryptographic Message Services (CMS) processing f
 	NOTE: Introduced with: https://github.com/openssl/openssl/commit/924663c36d47066d5307937da77fed7e872730c7
 CVE-2026-45447 (Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ...)
 	{DSA-6335-1}
-	- openssl <unfixed>
+	- openssl <unfixed> (bug #1139674)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 (openssl-3.0.21)
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/18de9aba8294b5fb0915866cf3a1bb45f9599b8d (openssl-3.0.21)
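Review bot: The commit subject does not name the bug that the CVE-2026-45447 line here, like the lines in the earlier hunks, now points to. It also does not say that one report, #1139674, is being attached to every openssl entry touched. Putting the number in the message (for example "Add bug #1139674 reference to openssl CVE entries") would make the change findable from the log without reading the diff.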



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7d60bda60db433a52b436d832283645e68ad08
