-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: s390x
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
     verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
     cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
     >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
     writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
     OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
     conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
     function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
     function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the
     PKCS7_digest_from_attributes() function)
Checksums-Sha1:
 d9cf19e509634048cef5b8a158171ad11b6c5f64 1595484 libcrypto3-udeb_3.5.4-1~deb13u2_s390x.udeb
 179fcf624f379da3751c85f0876932b5806d6e52 2565488 libssl-dev_3.5.4-1~deb13u2_s390x.deb
 1d10a0eecaadecd282b93dfe1bebe9f4db77d209 347156 libssl3-udeb_3.5.4-1~deb13u2_s390x.udeb
 37fc9fee0ec9d5535470f254467973ddd2a9afcc 5917908 libssl3t64-dbgsym_3.5.4-1~deb13u2_s390x.deb
 cae854cf50fd0a7623de77369d62c98860d5445e 2029784 libssl3t64_3.5.4-1~deb13u2_s390x.deb
 b4e9d34967d97b77992dbbcccc469f7ffe4a4261 750192 openssl-dbgsym_3.5.4-1~deb13u2_s390x.deb
 f1b9fbed7d7f68a4ea2798cc9ec4493cd46346ec 1594688 openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_s390x.deb
 5faa93c0204c7646990d152085609952d5bc7e0f 782204 openssl-provider-fips_3.5.4-1~deb13u2_s390x.deb
 b575c491d5b5226833b3c155b6deed7f72ce5361 95812 openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_s390x.deb
 6fcdb68d30267fd39d6c41be3ec08dae6892b9ab 306872 openssl-provider-legacy_3.5.4-1~deb13u2_s390x.deb
 cfd176307c4a22b6bcb76519ec72d93ee775220d 8643 openssl_3.5.4-1~deb13u2_s390x-buildd.buildinfo
 a29807f75ed4d0975278578d2425cb0e626668ab 1483844 openssl_3.5.4-1~deb13u2_s390x.deb
Checksums-Sha256:
 17a78896240e17933d8fc7e4b69b9a11454749be38517db3a6211ddf0ded6013 1595484 libcrypto3-udeb_3.5.4-1~deb13u2_s390x.udeb
 00d611a78fb214a6c6c7d6398490ed0073f21bfa3f3c5753d26f3f2bde05270e 2565488 libssl-dev_3.5.4-1~deb13u2_s390x.deb
 405c5bbd65f2b6d34f45be294263fff85c94fcd320558ea051ec017763331f57 347156 libssl3-udeb_3.5.4-1~deb13u2_s390x.udeb
 4230df28c952f05393d69ea51ef96b012299b7b284f09e85aa591859fa23d878 5917908 libssl3t64-dbgsym_3.5.4-1~deb13u2_s390x.deb
 09e5c05eeff223bb7c82b313b1e174e4ea776438ba142a1f08eeb9937c957c79 2029784 libssl3t64_3.5.4-1~deb13u2_s390x.deb
 2dc320d63d9d15080b9e344b3d82dc585391b5bd6ebd78e4664bfd741c7c903a 750192 openssl-dbgsym_3.5.4-1~deb13u2_s390x.deb
 1b44a6242251c0307beb1ca37b8f46eb034e4aee8837ee953fe3839d184cabea 1594688 openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_s390x.deb
 9e636b10203cc3e383c7f7771b89e48a5bca3e2bcc78763db96de6d6315a8fab 782204 openssl-provider-fips_3.5.4-1~deb13u2_s390x.deb
 092dff3d7436a049ca8b94ce7577264dca3a15cc2fe3869c6abcc94f7c0e867b 95812 openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_s390x.deb
 b74809e828d5490fe0a76c915086e170d169dd1c926f3b1640b53725d26448d4 306872 openssl-provider-legacy_3.5.4-1~deb13u2_s390x.deb
 cb1be01a5b819af50a8c58dc50f3a59783b4aaf9380a919339ab7500d4b8af97 8643 openssl_3.5.4-1~deb13u2_s390x-buildd.buildinfo
 3e38d071c8ca89a63d4ec05d5e8c8573264baadeb958ac974fe23125c83c3c2a 1483844 openssl_3.5.4-1~deb13u2_s390x.deb
Files:
 eef7f640ff0d8c9209359268e843b470 1595484 debian-installer optional libcrypto3-udeb_3.5.4-1~deb13u2_s390x.udeb
 ed25e511759cb8402afadd756f712382 2565488 libdevel optional libssl-dev_3.5.4-1~deb13u2_s390x.deb
 5f3ed7cdeeb1c37a81bc2f825ecabcaa 347156 debian-installer optional libssl3-udeb_3.5.4-1~deb13u2_s390x.udeb
 bbfbe5e13af9f0f2c4f9eb44823a11ce 5917908 debug optional libssl3t64-dbgsym_3.5.4-1~deb13u2_s390x.deb
 a88e6f7fdced88099ddf2b6484811e83 2029784 libs optional libssl3t64_3.5.4-1~deb13u2_s390x.deb
 ede8356fed866843b53c20757eae7d9a 750192 debug optional openssl-dbgsym_3.5.4-1~deb13u2_s390x.deb
 bf8ea83d1f03624564601b04df48d9a4 1594688 debug optional openssl-provider-fips-dbgsym_3.5.4-1~deb13u2_s390x.deb
 9cf16e29252853bf3d22eb1b2d7586bb 782204 utils optional openssl-provider-fips_3.5.4-1~deb13u2_s390x.deb
 3cb21d6cad506f03cf4b0f90271b400c 95812 debug optional openssl-provider-legacy-dbgsym_3.5.4-1~deb13u2_s390x.deb
 e56f85679bcd802610b7af715f9ed91d 306872 utils optional openssl-provider-legacy_3.5.4-1~deb13u2_s390x.deb
 b0cd34def088a162ca28bfdd63b81a6a 8643 utils optional openssl_3.5.4-1~deb13u2_s390x-buildd.buildinfo
 71a0e0f9bf8cfc217ffe93f7afdd5c2b 1483844 utils optional openssl_3.5.4-1~deb13u2_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENly2ANlpa4eeqnluvVOPI7pYNpgFAml0+2EACgkQvVOPI7pY
NpgDoRAApXYA6ZEpRaMpz0GVESrj9ZVq6Z09ENi6a02g5jkH2A+Zm1lP1UvJGBTe
VBsT5xS09gjFXfl/SsrpaaR8GYrMmx3FAGsxJsu/t4vlw5kZR1sS7Dy+LF6CchTy
csUlGqUL2HXd6BhQ4uvRWjOGFT9krFLpUqc87GDIi/V9mPJHwrygITWe3WqSAD1e
Kc9YjX46Fqje2rw/2MtbqOppkQM/Y+dZhdMWbRXPkDkHk7CYxlwuMTMPiRAMUG/G
ucjNrIX+8wZwd4V7pfx65EuEotmmXoUKCm+e8fR+nys/fWO7S4BAezLtnai7naRc
VIt+oKyO0O2zcMiUDyh76jbdQO/iXCkgwFIWb3ZzdK2eFT3AFEPHL9AxKdnLSuQl
aZNmi9IckRRNdYXJwILrfjw48S68dhK6xltNuUUN1xVWAEf0smIhkbsuz5daUVG+
qRlVrIV8PxgU+Sqs0dmIGZR47Efzhn3qW0qJHSbtcwkVKAfiFcczIvL8e/KTa7R6
8a0HLYXUrIhq6/kKR7l85cm2IoHXhh39U3dfzZyBkC1FvMLcs+CPSSzjQTIQpZgU
GZb1LjGo9gVaGcOWjBvnBNdeeTkqBX5Et91Rz0dru6S/c498T3Gw0Lg1vjqfV3LA
FV+nREWAn7MQVIv95La6sflOAd76L0/VmVMOlvl2u4sq7aLqDYM=
=XqkL
-----END PGP SIGNATURE-----