[Pkg-openssl-devel] Inquiry on availability of OpenSSL 3.6.3 Debian packages for CVE-2026-45447 fix
Dennis Joseph (Nokia)
dennis.joseph at nokia.com
Thu Jun 11 12:12:23 BST 2026
Dear Debian OpenSSL Maintainers,
I hope you are doing well.
We are currently addressing a security vulnerability (CVE-2026-45447) in our environment and understand that the upstream OpenSSL release 3.6.3 includes the necessary fixes.
From the Debian tracker page (https://tracker.debian.org/pkg/openssl), we see that the upstream tarball for version 3.6.3 is available. However, it appears that corresponding Debian packages have not yet been published in the pool repository: https://ftp.debian.org/debian/pool/main/o/openssl/?C=M;O=A
At our end, building and maintaining custom Debian packages from upstream sources poses some challenges, particularly within our containerized deployment workflows. Therefore, we wanted to check:
* Are there any plans to release OpenSSL 3.6.3 Debian packages (.deb) in the Debian repositories or pool?
* If so, is there an estimated timeline for availability?
* Alternatively, are there any pre-release, backported, or testing packages available that we could leverage?
We would greatly appreciate any guidance or pointers you could provide, as having an official .deb package would significantly simplify our remediation process.
Thank you very much for your continued work maintaining OpenSSL in Debian.
Snippet of currently installed version:
beamuser@f6984f26ffdd:/app$ dpkg -l | egrep "libssl3t|openssl"
ii libssl3t64:amd64 3.6.2-1 amd64 Secure Sockets Layer toolkit - shared libraries
ii openssl 3.6.2-1 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii openssl-provider-legacy 3.6.2-1 amd64 Secure Sockets Layer toolkit - cryptographic utility
Regards,
Dennis