[Pkg-openssl-devel] openssl_3.6.3-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jun 13 19:49:33 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Jun 2026 19:00:51 +0200
Source: openssl
Architecture: source
Version: 3.6.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Closes: 1139674
Changes:
 openssl (3.6.3-1) unstable; urgency=medium
 .
   * Import 3.6.3 (Closes: #1139674)
     - CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String
       Conversion")
     - CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption")
     - CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing")
     - CVE-2026-34181 ("PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC
       Keys")
     - CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged
       Messages")
     - CVE-2026-34183 ("Unbounded Memory Growth in the QUIC PATH_CHALLENGE
       Handler")
     - CVE-2026-35188 ("Double-free When Checking OCSP Stapled Response")
     - CVE-2026-42764 ("NULL pointer dereference in QUIC server initial packet
       handling")
     - CVE-2026-42765 ("NULL Dereference in Certificate Verification with OCSP
       Checking")
     - CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS
       Decryption")
     - CVE-2026-42767 ("NULL Pointer Dereference in CRMF EncryptedValue
       Decryption")
     - CVE-2026-42768 ("Multi-RecipientInfo Bleichenbacher Oracle in
       CMS_decrypt() and PKCS7_decrypt()")
     - CVE-2026-42769 ("Trust-Anchor Substitution via cert/issuer Typo in CMP
       rootCaKeyUpdate")
     - CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q")
     - CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path")
     - CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in
       AES-GCM-SIV and AES-SIV modes")
     - CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()")
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----