-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Jun 2026 21:55:35 +0200 Source: openssl Binary: libssl-doc Architecture: all Version: 3.5.6-1~deb13u2 Distribution: trixie-security Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Sebastian Andrzej Siewior Description: libssl-doc - Secure Sockets Layer toolkit - development documentation Changes: openssl (3.5.6-1~deb13u2) trixie-security; urgency=medium . * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion") * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption") * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing") * CVE-2026-34181 ("PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys") * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged Messages") * CVE-2026-34183 ("Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler") * CVE-2026-42764 ("NULL pointer dereference in QUIC server initial packet handling") * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS Decryption") * CVE-2026-42767 ("NULL Pointer Dereference in CRMF EncryptedValue Decryption") * CVE-2026-42768 ("Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()") * CVE-2026-42769 ("Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate") * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q") * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path") * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes") * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()") Checksums-Sha1: be041756af715933b73f09cba0ccba08cb89f952 2250804 libssl-doc_3.5.6-1~deb13u2_all.deb eb1fbd91586a7b3c6d893717c6887fb7db8a0033 5623 openssl_3.5.6-1~deb13u2_all-buildd.buildinfo Checksums-Sha256: 05a46b1f39b8a6d2f97e0d44a5bf875e8cb0060e08d5a1a9c0b030e831ac0f7d 2250804 libssl-doc_3.5.6-1~deb13u2_all.deb 19257d5fb7226375dafa4e3d9d225d237a01498b4b015247161623c29da11020 5623 openssl_3.5.6-1~deb13u2_all-buildd.buildinfo Files: 49f6f838cf916d5b9604879a18fc0f5f 2250804 doc optional libssl-doc_3.5.6-1~deb13u2_all.deb fee5905c0cf07f567b3aea08a0c598cd 5623 utils optional openssl_3.5.6-1~deb13u2_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmokkisACgkQaBVi67oX tfm+1RAAlw8on4J4yyzTuv3vIaV8u9rApT6s4y9TS0hz/1Wdzuzv28BexOiRySqh OfGqaVbQ56jTFPT1AzQ9LXd0RByAWepYXIxOV67nQLZq1JlXNNACsjDjRNF0jNWo 9QhUwixUP/bhO5QgRkAmq3UdgYFcBoG8YxdpykAgLcjL47A0RRWuqBqDvc+nwUYx Bis9C4ZpjVjpPmQH6A7BFgqIEIkFIdBw82zOxLGdY8TrSqTwH/rfatyMiTQaS84s So3PgLawDyAdo8YmkQBiMaIo5q7t0fSLXYL8IDzRCIYEt0xwzzylOaY9qDmLyZrH EMDORIq5eNWrbOOegnLmgScNyjDD/gaMDYYYm8pY++h70O+Rgb4UgJfOcbX6LTVe FMe9AMqaZaPyM1Sy4g1reYBrATXPxQyUC8L7sZDnRrJf+iog2/vz26hNlUCI/F/w dg4oB08pX4Ru6MWlIQ8EA3cYT7d3v1EsdEkPP6n1sGiamDnMJn17NAvTwpzUkKFZ /HzWNgmP00yZmYABj60UXXCyKAMNQKi+tAucljn5fi/U7AIBA6/rVjiV09Nfeg5a h5VbdFnq/CCHqP+NOw7l11lo9V4/lZkpSiFwHonC1nYL09ILwwUCnHqYFVQe3Xxb W7kaGT3pymIIYRSfgQ9bT8G0xWJ9YA3wZn75TYIu6QeAUtAyA8Y= =4z8K -----END PGP SIGNATURE-----