Format: 1.8
Date: Sat, 06 Jun 2026 21:56:20 +0200
Source: openssl
Architecture: source
Version: 3.0.20-1~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenSSL Team
Changed-By: Sebastian Andrzej Siewior
Changes:
 openssl (3.0.20-1~deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion")
   * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption")
   * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing")
   * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged Messages")
   * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS Decryption")
   * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q")
   * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path")
   * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes")
   * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()")