Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: i386
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Sebastian Andrzej Siewior
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function)