[Git][security-tracker-team/security-tracker][master] CVE-2026-42770/openssl: bullseye not-affected

[Arnaud Rebillout (@arnaudr)]

Arnaud Rebillout pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33bc35a5 by Arnaud Rebillout at 2026-06-11T13:16:44+07:00
CVE-2026-42770/openssl: bullseye not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1631,8 +1631,10 @@ CVE-2026-42771 (Issue summary: When the X509_VERIFY_PARAM_set1_email is called b
 CVE-2026-42770 (Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ...)
 	{DSA-6335-1}
 	- openssl <unfixed> (bug #1139674)
+	[bullseye] - openssl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://openssl-library.org/news/secadv/20260609.txt
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2 (openssl-3.0.21)
+	NOTE: Introduced with: https://github.com/openssl/openssl/commit/46eee7104d77f9d303e06a398febdc60fd014d33
 CVE-2026-42769 (Issue Summary: An error in the callback used to verify the certificate ...)
 	- openssl <unfixed> (bug #1139674)
 	[trixie] - openssl 3.5.6-1~deb13u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bc35a5415fb53a7ac675e1a5e070f8fbf8bdb0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33bc35a5415fb53a7ac675e1a5e070f8fbf8bdb0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/34ab85c9/attachment-0001.htm>