[Pkg-openssl-devel] openssl_3.6.2-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Apr 11 15:48:47 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Apr 2026 16:27:58 +0200
Source: openssl
Architecture: source
Version: 3.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Closes: 1130650
Changes:
openssl (3.6.2-1) unstable; urgency=medium
.
* Import 3.6.2
- CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agreement
group") (Closes: #1130650).
- CVE-2026-28387 ("Potential use-after-free in DANE client code")
- CVE-2026-28389 ("Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo")
- CVE-2026-28390 ("Possible NULL dereference when processing CMS
KeyTransportRecipient Info")
- CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion")
- CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE
encapsulation")
- CVE-2026-28386 ("Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512
Support")
- CVE-2026-28388 ("NULL Pointer Dereference When Processing a Delta CRL")
Checksums-Sha1:
cd9d1831533cc75e9b81f3c40e3b8a85b0626cad 2849 openssl_3.6.2-1.dsc
47596475539bdaf7e67448fae5bcd457d0262520 54913556 openssl_3.6.2.orig.tar.gz
be40bbb4e145fe92738e222ca268b4be8835c53f 833 openssl_3.6.2.orig.tar.gz.asc
fdd118da0376ccf839ab560bb0b7dbe0e3516648 48404 openssl_3.6.2-1.debian.tar.xz
Checksums-Sha256:
c94552e5abc4935764624321bcd29e6c113c3c74af1b85239b523c9f01998e08 2849 openssl_3.6.2-1.dsc
aaf51a1fe064384f811daeaeb4ec4dce7340ec8bd893027eee676af31e83a04f 54913556 openssl_3.6.2.orig.tar.gz
c325b2975a9be4fe03425286badbe7a380a6f1e98325c180024182fca62396c1 833 openssl_3.6.2.orig.tar.gz.asc
4fa6b0d775292b983fba3e5686c850253fc978e9c07c13efb6bca030ac2e93c3 48404 openssl_3.6.2-1.debian.tar.xz
Files:
39945c096b4c891a7033d0293c071c52 2849 utils optional openssl_3.6.2-1.dsc
f27e8f53ac612bb0e3e781a45799fb90 54913556 utils optional openssl_3.6.2.orig.tar.gz
bcd46c3b8e3ecac700e11bc98ffb47c1 833 utils optional openssl_3.6.2.orig.tar.gz.asc
a988c79fe1d267369aba3537f2076300 48404 utils optional openssl_3.6.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAmnaWpEACgkQe5boFiqM
9dEolA//X4G2csm0LPGulcrFjLXtQ5EWhkO9lMrwSKgKWvE/KItKbZAemioJplyx
UMQZzfcLD0L5A7uaF77mQ+mkrP3flWK84ymvcphnkFSHC5/MpYZl897V8VmM3QW3
7aHTzHw6y1BH5KrSknJb8CA7Gl2VYTQrYgHrrHm0BLokPH8n7Axc3vy0nR4eLRqc
rKs+dPp5/NkOhUwwkF6c+ijnKgnVU35fcqiXYSiVS8Qsdvrw4PAQ4drVH+i6oIcS
H20SDoNf0IkKRSk1k3rRbO5Yd67nuuUOe0aqfNCHUXd8A/Iy0FtRmTbzcTAmQAQM
Z7mx+wsJb/Oy+VPYX+0suK3vEYWkuWkyIytZIqy3jpx2wTdnTCQX+TWMsoUJ2oLW
NsWP7WIW+mLwrl4CFOxJjgQM5dvUIl4vA63dMOY3MMjb7paGG062B/EHjNm/K3Wd
zJA58tVYflwB0PCfWaBH+32Blf2nVrT0ynj1J60vKhG3A4KNsvkpnUZxno+Edt2c
CZE+sKNNRhgAYRU9P0/dM83SyWK8ZxOR2z6xpcPWrPB8Eqf+U2Jaqz2HhJUo1Vhe
D9G7T0H0NqFxakc82FrI6KGtoxySmzKdpvzX0luAHYz0sLZ8w/prLB/+Z+1T7rR8
o11afmo1SFtk9jho3tvZXKWHa2L0Or2GmYk2uGeF0Nw/u38r3Sc=
=fK2l
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20260411/064923bf/attachment.sig>
More information about the Pkg-openssl-devel
mailing list