Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: armhf
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Sebastian Andrzej Siewior
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function)