-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Jun 2026 21:56:20 +0200
Source: openssl
Binary: libssl-doc
Architecture: all
Version: 3.0.20-1~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libssl-doc - Secure Sockets Layer toolkit - development documentation
Changes:
 openssl (3.0.20-1~deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String
     Conversion")
   * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption")
   * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing")
   * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged
     Messages")
   * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS
     Decryption")
   * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q")
   * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path")
   * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in
     AES-GCM-SIV and AES-SIV modes")
   * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()")
Checksums-Sha1:
 c944db830750442d086a296e13b5c088ffe88481 2400872 libssl-doc_3.0.20-1~deb12u2_all.deb
 fa2f230a2673ae8a7ed4db6f5bf7eb659c65a783 6055 openssl_3.0.20-1~deb12u2_all-buildd.buildinfo
Checksums-Sha256:
 288301da4a89227dfbb98fe498894e1f79aeda29d0aae4a84fb7db4fc0d3fba4 2400872 libssl-doc_3.0.20-1~deb12u2_all.deb
 783e5d1346f8f7f1bd9be420c6ce97c29d1c893adcecf9a25c4078b4eede0a46 6055 openssl_3.0.20-1~deb12u2_all-buildd.buildinfo
Files:
 5e9f400a7dea00af774523b88115a8dc 2400872 doc optional libssl-doc_3.0.20-1~deb12u2_all.deb
 5f6e0a18a9b9551c8efc548e902f96aa 6055 utils optional openssl_3.0.20-1~deb12u2_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmokkd4ACgkQmgPNRvTf
/zdYmxAAk3/5uGoie4eKMo/qTWupthTPdmjvWKGncyMKhUEK04oHYAuKAEk1plC+
kL4Iw8OSKMa+daGCq68NlMboa+6+r8gBzkbbBCeyYUYFDcbA/ovCHnPKob9mzj9w
vYu2f7tF29blRFP4DOlPaJZXIgxq+smTdRuETcQ+7CwEt+Bm+L9oZamCyWt18yiN
RjnjKL33sHAWrI2b1DAdkjesJIfCg7+2prwbg50YA939gCGubJQtfu5lWjaF6kbo
728s/Aukzr3vTp+45tszdQpKtWJi8TMFanP3Qwc2j2YMsblJF15Nb9leu4uYYhrL
dJKbMZP/4cDuzAf13uM273UTqYS8Ja68PsOWOSO1PtWl+hANsbJvq3Z6Ca/nTH7i
NjLVCzhxTJldXJCIzjRK/N2WTql8nKPHwfVWqeCbhb5Ltt5ih0MqRMvSuOomyx0d
ZumIrWhwsZyq4nNXPSfCqnpg/e22RpYeZ4nMLfvbJlEk6tzdvmWmovym5AI6OqK8
oQUHQaRVgBfVYMYI9hSKD4ORpwyEiNvxwfciy1940tF8zshe213Iov1s9DMmA+tr
/oI3SR3HQ2wNy6Uv9smXzCluY5wCtMgA55qD67obnceRP6Yd7g3LZzoAeUyuzzaq
P5WYAmhlHTSltzhDrwCXV0W/+KvyA0RDRcPOYW8ukkfl6md3/2Q=
=hB6X
-----END PGP SIGNATURE-----