[Pkg-openssl-devel] openssl_3.5.4-1~deb13u2_source.changes ACCEPTED into proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Jan 29 18:48:32 GMT 2026


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Architecture: source
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
     verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
     cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
     >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
     writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
     OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
     conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
     function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
     function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the
     PKCS7_digest_from_attributes() function)
Checksums-Sha1:
 287729fb89e8fbfd6e544091a70b7d8e5007f5be 2707 openssl_3.5.4-1~deb13u2.dsc
 b75daac8e10f189abe28a076ba5905d363e4801f 53190367 openssl_3.5.4.orig.tar.gz
 5f2dc895c3124ec1a04e17f2aa679f86ec49227c 833 openssl_3.5.4.orig.tar.gz.asc
 2a1f2a04b97dcdfa1622496197eb85c0207936f2 65020 openssl_3.5.4-1~deb13u2.debian.tar.xz
Checksums-Sha256:
 646eb71bec0d395e564f1dd88e26ddede052200d37293bb03aa1372897b17dd8 2707 openssl_3.5.4-1~deb13u2.dsc
 967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99 53190367 openssl_3.5.4.orig.tar.gz
 cfcabcfc6e43237392e0ab42e2326fceb71037036c2adaa7ecc7e251778e38f4 833 openssl_3.5.4.orig.tar.gz.asc
 f9edcab4e1d849a6c29e1c7821516c19d7dead327bb78b015d07445622922437 65020 openssl_3.5.4-1~deb13u2.debian.tar.xz
Files:
 18b606ea5aef77be07e92a57f4c93408 2707 utils optional openssl_3.5.4-1~deb13u2.dsc
 570a7ab371147b6ba72c6d0fed93131f 53190367 utils optional openssl_3.5.4.orig.tar.gz
 fc505832a9796504dcd48c14fd34c4cb 833 utils optional openssl_3.5.4.orig.tar.gz.asc
 eaf4b0d539d98d82a781db1aa41c479d 65020 utils optional openssl_3.5.4-1~deb13u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
