-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: armel
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02) <buildd_arm64-arm-conova-02@buildd.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
     verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
     cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
     >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
     writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
     OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
     conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
     function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
     function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the
     PKCS7_digest_from_attributes() function)
Checksums-Sha1:
 d5bec95231628e2d419596fe52cc0c368bed96ae 1503708 libcrypto3-udeb_3.5.4-1~deb13u2_armel.udeb
 f1e5884d359ba1640f21ec82f5f5f48d56265b29 2538412 libssl-dev_3.5.4-1~deb13u2_armel.deb
 7a93e6b397e34082e190768ab063a238f99a3a47 316872 libssl3-udeb_3.5.4-1~deb13u2_armel.udeb
 4080829d3ed91fa8a86f0e07c53845b18becfa73 5786300 libssl3t64-dbgsym_3.5.4-1~deb13u2_armel.deb
 7fe9c0102541be73afdb09229b0d5a3851c4f5df 1946948 libssl3t64_3.5.4-1~deb13u2_armel.deb
 ee4c618348c8d4860e319770c8c272bdec618aa6 729156 openssl-dbgsym_3.5.4-1~deb13u2_armel.deb
 f1ae07532abff86662d75e31604308f852239392 1540076 openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_armel.deb
 f4a8d4d4c058955d1e821fb048d6fe10400c7b67 856872 openssl-provider-fips_3.5.4-1~deb13u2_armel.deb
 00fc4044ebf06ca6ad915622ef001e58b5e89c39 93044 openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_armel.deb
 e0ebb2335b47a59497ce278b52054b269a4ead2b 299908 openssl-provider-legacy_3.5.4-1~deb13u2_armel.deb
 7e0413c8e0e9eeed7bbd35ef95669ec08bcf9e89 8633 openssl_3.5.4-1~deb13u2_armel-buildd.buildinfo
 295b0bd82bd55cc31f733e49d28f88795fc5c9b3 1453624 openssl_3.5.4-1~deb13u2_armel.deb
Checksums-Sha256:
 c964a8b22ffbd6c0f9b912b9ba30820eb6d300233c7b60d18f23502fac54039d 1503708 libcrypto3-udeb_3.5.4-1~deb13u2_armel.udeb
 f109be7284af25779296d699ed2d6638ae80ffd2634b4a0443a834251996be7f 2538412 libssl-dev_3.5.4-1~deb13u2_armel.deb
 1128af469026a169400c5f26b0291e5e6bec83ab55d1ecd9b2a0d97e905c499e 316872 libssl3-udeb_3.5.4-1~deb13u2_armel.udeb
 41b265f100c1af57aed60835bd00f90ac88ba5fdab7fd9d13147106a8b04807a 5786300 libssl3t64-dbgsym_3.5.4-1~deb13u2_armel.deb
 e42a67bbef3933863ecea13b04823a87326a4000429495eb62c4af0c9b013a87 1946948 libssl3t64_3.5.4-1~deb13u2_armel.deb
 cf5c0394ecc0e1be3da42b19c16f2a1b39a84d9a8887cfe37b1ea03cbc2f5179 729156 openssl-dbgsym_3.5.4-1~deb13u2_armel.deb
 eac6b6aa5377b6d6506bdfefbd9949def55a8594a646c1a2227528c445526e84 1540076 openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_armel.deb
 797e4b37a2e31d5b542a0cb8a1848cba833091fdb692d4c2c4ac2a4fd4ed6fe9 856872 openssl-provider-fips_3.5.4-1~deb13u2_armel.deb
 b105d6e00a3f6b57efaded522a3fc800abf0680dae4c838cfd3a473d626b950c 93044 openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_armel.deb
 0cbc4f6cfdc33acdf6271240161193a7c9dcde0a1d5c4fd8a3cbc12b822d3ab3 299908 openssl-provider-legacy_3.5.4-1~deb13u2_armel.deb
 f8f2aa9d21d9e2ce8fdc941cf7818cf9851a6e5fe5068f98a47be8c0baa074c7 8633 openssl_3.5.4-1~deb13u2_armel-buildd.buildinfo
 4105e9708da15deca267956e955a3c39a709490fee500a7bb7b5385854148d4a 1453624 openssl_3.5.4-1~deb13u2_armel.deb
Files:
 9f244d22355f7356d1360239d9a6b717 1503708 debian-installer optional libcrypto3-udeb_3.5.4-1~deb13u2_armel.udeb
 ea457bbd04ff8ad9d1fd56452d639e33 2538412 libdevel optional libssl-dev_3.5.4-1~deb13u2_armel.deb
 731cab65730176163fd643e8047c4983 316872 debian-installer optional libssl3-udeb_3.5.4-1~deb13u2_armel.udeb
 c44851e7998a0df65369afb9f02abece 5786300 debug optional libssl3t64-dbgsym_3.5.4-1~deb13u2_armel.deb
 5a0b0e5eafe92ed247c7579677ba1939 1946948 libs optional libssl3t64_3.5.4-1~deb13u2_armel.deb
 261d0f01c86c0f8d03363f35a7d05161 729156 debug optional openssl-dbgsym_3.5.4-1~deb13u2_armel.deb
 2602e148c0a90d09c597e9a0135bc1be 1540076 debug optional openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_armel.deb
 bbbb4457ae0caae04b73ab4dc66c2966 856872 utils optional openssl-provider-fips_3.5.4-1~deb13u2_armel.deb
 3f806fbc001c5473a6e63d8f8bfa0861 93044 debug optional openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_armel.deb
 3cd19e7e8804e2ad89673b81aefa9a9b 299908 utils optional openssl-provider-legacy_3.5.4-1~deb13u2_armel.deb
 e6d337c048da17137516ee0a88665469 8633 utils optional openssl_3.5.4-1~deb13u2_armel-buildd.buildinfo
 09fb487790ad93cf58fbbf1b724134aa 1453624 utils optional openssl_3.5.4-1~deb13u2_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAml0+3oACgkQOQKMdMnE
H5NtPA/9F6WEJrEG2zNaqvGHOh+tMquXFt17qQj314Z87sUcyKTVFlF5sTXwWPId
kCWet16Ms2czfdPi/BAbg37YJP3Qm7D9fVeCkE9zs3DXSPLezxw2ImSpL+F9y3/5
+3AeCqKszIMyz5FWc1bvU8SUds9nm6eOpuIjaKWrB2DURc284Sz6KwtJWqGE3w6k
vnEJ3rTBVdylEqaBBs2PXJLgPnz0uUjp45tHyULEeanNCK/LqWo70lurFpEKypxk
1heroW//V71SPeEKeraU9ootECk4JJP0wwgfPUj2epsc4jUX3FObNCDfBU4IKtse
kEZgpTArwGC+8tzO9CklpVNqjQu+VYE9XD6VVFfHl5ZJYCsz+zZit1Di5qxx9CdB
AN1MO96rqzATkzExKsJ49JoesdlWF4/eZrlSMKlpPpATiXVtwHhaIYJ26i3h/72k
9rgGpnvQ0VGgRh4QogOQD8xoYliHlrhxRxmdOFVaddf3McGySmg1MVvKBwp2LNn2
m1C3OnKEO/qDoQAbJUhDzjMH9sfhdCjYpeM/1ePEUf/Ki41rSGjQJvqHOE52Tr3y
j8v1IvpfMefVaF+NV4SN7UFRoY8SVrgFi28Agk7voiS/H6Wj1xOU0Lqc5LY8jpl0
xh+vEildr5IpIxU4/4VndzNlLb8zOd7Ve3rOCpw/zaWSSLE70fY=
=Xl8g
-----END PGP SIGNATURE-----