-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: arm64
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-03) <buildd_arm64-arm-ubc-03@buildd.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
     verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
     cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
     >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
     writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
     OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
     conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
     function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
     function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the
     PKCS7_digest_from_attributes() function)
Checksums-Sha1:
 1fa6632b87518f9273c055cfc2023bb48e5dc055 2337900 libcrypto3-udeb_3.5.4-1~deb13u2_arm64.udeb
 b641f44db772c47df10d2a3d41795feb819654c9 3393372 libssl-dev_3.5.4-1~deb13u2_arm64.deb
 c690f37ac615190538ae979e57c67dd67e83dd89 341756 libssl3-udeb_3.5.4-1~deb13u2_arm64.udeb
 c108122c8c0adf40b6a97e00ac10d234219b8e28 6003188 libssl3t64-dbgsym_3.5.4-1~deb13u2_arm64.deb
 5b58ecdb7fbaf45ca8cbe7b28f718922e27f0b0f 2749668 libssl3t64_3.5.4-1~deb13u2_arm64.deb
 e1dffcd3ed47c9f0a72c7f0d07f7adb8131429ea 760672 openssl-dbgsym_3.5.4-1~deb13u2_arm64.deb
 0813f677fb02a5a9bf2cb577e52cc63420de311e 1709064 openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_arm64.deb
 9e0f83fcd549bc8fca02238fda16318eb1d8cb07 989692 openssl-provider-fips_3.5.4-1~deb13u2_arm64.deb
 09bece252c36701796986dbdfc95a4f34bcb3505 91756 openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_arm64.deb
 ea75d72a8b3e16ff46d2d2c1e386ef9c4d1b87b7 306704 openssl-provider-legacy_3.5.4-1~deb13u2_arm64.deb
 d092446f4ef8bac1b21f8f2724f189cfc90a636e 8768 openssl_3.5.4-1~deb13u2_arm64-buildd.buildinfo
 74609ac2976769e0e86171df9b1fa764fd0afc7a 1458696 openssl_3.5.4-1~deb13u2_arm64.deb
Checksums-Sha256:
 1a0a807aa3f40886310211ffe94d59346fc1e2d4c4e40aca8ed74b4bc2034c9b 2337900 libcrypto3-udeb_3.5.4-1~deb13u2_arm64.udeb
 d4a76bccbfea85db26c3b340637c37650e45a8c3d31d47aea6e6bb6a820515e3 3393372 libssl-dev_3.5.4-1~deb13u2_arm64.deb
 e15e1152a7da1c46c280f1837e615b42d701497bb5ac62a2c0234038ba15cfb5 341756 libssl3-udeb_3.5.4-1~deb13u2_arm64.udeb
 6faf2256fd38d6ea48e11245a1e6c4780d636cf68acbd53cc50fd2fede4ad07e 6003188 libssl3t64-dbgsym_3.5.4-1~deb13u2_arm64.deb
 bf08516b135862e5284635ac300189ecfee25f26c9bad79a3599474e63ad4dc5 2749668 libssl3t64_3.5.4-1~deb13u2_arm64.deb
 e77fc4dbae7c2e69051b65fe1a4d0138f2ce7c652808a5af0bb3be51944f62f0 760672 openssl-dbgsym_3.5.4-1~deb13u2_arm64.deb
 bd47fe40e59021f5ae9e41460f823baf7a4234bd9edd4fcfd6628e94fa5663b5 1709064 openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_arm64.deb
 9e2804b89a8028a2507f942a5352ca17f9b9c69d42d4d9bbafe246ff1c1d72b4 989692 openssl-provider-fips_3.5.4-1~deb13u2_arm64.deb
 b3ba0d0d9c6b140974d25311f1e36f8fb4dc06161f6d1f9f774f46d11cb6c83c 91756 openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_arm64.deb
 725efa401894bd3d9186ae7b3ae540e573afb7e15610ede69b31ec48af2103ca 306704 openssl-provider-legacy_3.5.4-1~deb13u2_arm64.deb
 f0f9a28c4415d81e9a459a4ef1ae2b0df2cc99b9224e40ce207550f464595991 8768 openssl_3.5.4-1~deb13u2_arm64-buildd.buildinfo
 b51177af3e5b9ff495c82ecd6f6df596c4272600dbbea328f8ac9210598f154b 1458696 openssl_3.5.4-1~deb13u2_arm64.deb
Files:
 0f905d6a0bc291f029b993c5f98ffbf7 2337900 debian-installer optional libcrypto3-udeb_3.5.4-1~deb13u2_arm64.udeb
 e65b42005dc242d0a7f2f6c174193295 3393372 libdevel optional libssl-dev_3.5.4-1~deb13u2_arm64.deb
 d98f711bf561c5fb50fbee5e6cb74167 341756 debian-installer optional libssl3-udeb_3.5.4-1~deb13u2_arm64.udeb
 ed81b3485376742022ff99df584e760b 6003188 debug optional libssl3t64-dbgsym_3.5.4-1~deb13u2_arm64.deb
 2f08c01c2f759f886bc90431eccceda6 2749668 libs optional libssl3t64_3.5.4-1~deb13u2_arm64.deb
 effa46ba048a70a10f0ac9f8c9139383 760672 debug optional openssl-dbgsym_3.5.4-1~deb13u2_arm64.deb
 a100c335290eababaa5f79d0225e80db 1709064 debug optional openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_arm64.deb
 c0fde199ec9930f6062603590c6a6200 989692 utils optional openssl-provider-fips_3.5.4-1~deb13u2_arm64.deb
 d0987d59519c1737b73eea6dfdfa8f0e 91756 debug optional openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_arm64.deb
 852857a671fd0d69fc822b95158f27e7 306704 utils optional openssl-provider-legacy_3.5.4-1~deb13u2_arm64.deb
 0238058c5c375312e31e5a769162475a 8768 utils optional openssl_3.5.4-1~deb13u2_arm64-buildd.buildinfo
 b0e3dd18074d6e9874738468304c434d 1458696 utils optional openssl_3.5.4-1~deb13u2_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENsdrABvTD8MQ0UffVza3l394K2AFAml0+OsACgkQVza3l394
K2D1dBAAmIg9RCnY8TYwMivPr7ZZf+02DsYP1wteg+17hNqGRQo/G4e2biYccSsq
asg5Qps+fFzx2ZrUvDZFa+SZl8ENQd8ewSc1d0StmTyB1YjR9JUimsuuUGFr4+dl
HNFWpDaLlcK07HTs3k7S1eUbt5WjF68aJXTjq1ig98O/xz0wIblNaDhmbYoF1u2E
elnZiU21EfGnE7bYrBJ374Va862ZkslbXhEmDL0gA9L0+t4cMlNPp1wkIfLmD2Hl
r8nTN5UcqIny2RhddKqwTXDaIOLGOLpaBuDlxJTSSeWKUy/dcFx89it9rWyKhOIG
lD5FMUbOtpBeNjBmEUFvTzF4mLguSmQXAiX7av8mSrZ+DrDb9DAtLfWc561CNPJc
6IMmgTH9eBD9uEnJdaz1oMsohN+9J7Fuv3j1xF1tGG4hl9UdBxOD8ML5p4LmDuO6
5qTO1TEk4fgtrF+mTn2HJEo8qMhd5Xzumi2jsVX9ehJa17NcqDqQo35PuP7wStjF
E+FOJ+Hce29x63jsk2Fbvl5ZoRCb+MwK5gdlK1UiKJgmvAfnbktsjEAwQ8r0Suda
FxfVpmMCbf4EG/qbGQsvnQJmRd1i2BYQnmy+d3E2+rW/A23TnbEMbmkn8N3vvCjI
q5cUbCDDxiz2AYRIg8qISa0xBvP75lBdwDlxP95876vBfYt3AqM=
=g0BR
-----END PGP SIGNATURE-----