Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: amd64
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Sebastian Andrzej Siewior
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function)