Format: 1.8
Date: Sat, 06 Jun 2026 21:55:35 +0200
Source: openssl
Architecture: source
Version: 3.5.6-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Debian OpenSSL Team
Changed-By: Sebastian Andrzej Siewior
Changes:
 openssl (3.5.6-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion")
   * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption")
   * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing")
   * CVE-2026-34181 ("PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys")
   * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged Messages")
   * CVE-2026-34183 ("Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler")
   * CVE-2026-42764 ("NULL pointer dereference in QUIC server initial packet handling")
   * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS Decryption")
   * CVE-2026-42767 ("NULL Pointer Dereference in CRMF EncryptedValue Decryption")
   * CVE-2026-42768 ("Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()")
   * CVE-2026-42769 ("Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate")
   * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q")
   * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path")
   * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes")
   * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()")