Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: riscv64
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-osuosl-04)
Changed-By: Sebastian Andrzej Siewior
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function)