-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Jun 2026 21:56:20 +0200 Source: openssl Binary: libcrypto3-udeb libssl-dev libssl3 libssl3-dbgsym libssl3-udeb openssl openssl-dbgsym Architecture: mipsel Version: 3.0.20-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-04) Changed-By: Sebastian Andrzej Siewior Description: libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries libssl3-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.20-1~deb12u2) bookworm-security; urgency=medium . * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion") * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption") * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing") * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged Messages") * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS Decryption") * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q") * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path") * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes") * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()") Checksums-Sha1: a8efa54a6258b10bdd85ff9b6ee14c8ae4284df3 1074676 libcrypto3-udeb_3.0.20-1~deb12u2_mipsel.udeb 5a4f9729d74dafbe68bd6675ca44cf539e3d2af7 2284908 libssl-dev_3.0.20-1~deb12u2_mipsel.deb 4d0e90b52aeb3ab9da0fc70b453fd444b6f7bd5f 4623764 libssl3-dbgsym_3.0.20-1~deb12u2_mipsel.deb 38d29b018f76c5740386021f4018c16a9b0ea258 184524 libssl3-udeb_3.0.20-1~deb12u2_mipsel.udeb a36aeb49628ca2b7008ffcba06957b72dab51dd3 1540324 libssl3_3.0.20-1~deb12u2_mipsel.deb 0bb77f278d0fe214a4c042944831377139967024 692720 openssl-dbgsym_3.0.20-1~deb12u2_mipsel.deb 302e1d60c67ec2942c8081a546cc3e3f1cc75e32 7622 openssl_3.0.20-1~deb12u2_mipsel-buildd.buildinfo 78925b25bde9f6f56a9de493da75b8a81b385af5 1393552 openssl_3.0.20-1~deb12u2_mipsel.deb Checksums-Sha256: c1d654d1edf8e5073fbdeb7c0ec98ef5f9759cab6c54c506aa2bf5bf62fcd10e 1074676 libcrypto3-udeb_3.0.20-1~deb12u2_mipsel.udeb 2815e3aca29fc6eede705fcfad2d173ade003c935813a93c591bd92b32209427 2284908 libssl-dev_3.0.20-1~deb12u2_mipsel.deb b3fc068c9403466290ff1b490baf68e43c8f004d25a296a50a3d4808999b1d67 4623764 libssl3-dbgsym_3.0.20-1~deb12u2_mipsel.deb 8752b5a8b48b423ca2c3154ec1d9bdb5f93dbbec8159f143ea32309acb018f8d 184524 libssl3-udeb_3.0.20-1~deb12u2_mipsel.udeb a43c59be7e929e8b31571b6ea69df53153c9fa0f109808282300ec967c57c0b7 1540324 libssl3_3.0.20-1~deb12u2_mipsel.deb 0b12c794dae9b574b24df3f0b9ea8c646180c8673436962fce11c5ee4b7a270b 692720 openssl-dbgsym_3.0.20-1~deb12u2_mipsel.deb b5e6871e3471ab5fd5893fdfbbe565ae593cb573d9065e66c9e1fc0d7cbc3e2d 7622 openssl_3.0.20-1~deb12u2_mipsel-buildd.buildinfo d67adc28ea2939b1dccfb0c4c8548f3614c980e20bc3944e016ecc75964d395f 1393552 openssl_3.0.20-1~deb12u2_mipsel.deb Files: 9ff9988dd192ba22090b43a9aeb12f2d 1074676 debian-installer optional libcrypto3-udeb_3.0.20-1~deb12u2_mipsel.udeb 131e49b7c5b4d26b1add1268a8678a95 2284908 libdevel optional libssl-dev_3.0.20-1~deb12u2_mipsel.deb f1c1f0aab7d826238ac3941c99616e97 4623764 debug optional libssl3-dbgsym_3.0.20-1~deb12u2_mipsel.deb 2df1b957526893b4b6a2fc231378cbd7 184524 debian-installer optional libssl3-udeb_3.0.20-1~deb12u2_mipsel.udeb 38438135932d07e715b6050982a33fd6 1540324 libs optional libssl3_3.0.20-1~deb12u2_mipsel.deb 89e9f034fd3a2960750ee1eeb44d3a45 692720 debug optional openssl-dbgsym_3.0.20-1~deb12u2_mipsel.deb 3ce9b291dde4359adbab9513d7adb8f6 7622 utils optional openssl_3.0.20-1~deb12u2_mipsel-buildd.buildinfo 78a556ce0d15480c26dc627cbca6e275 1393552 utils optional openssl_3.0.20-1~deb12u2_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyYUQCyzsgu940OiVpwP2OD8jZaoFAmokraMACgkQpwP2OD8j ZaplOxAAuxVw1NxaX0u08K+Oe3nny/fTfRJKArpqplXYttA6AB4opbFqK6joQugQ zYzVV8Szw1AEDcDOZkCO8awjCN4c7pUuqVV4Dnopcott1S505MSuDn0u0mqgleXg eAihcGh6+/GimRLypLugt3+bej1dA5N670VfVcEmLoUZfUAYR1MwizmxtUO5fzmj ONRTJSm7Kyref65ICH0T8M+iyl+d8O6bY/X0Ku26OuQ0TA9Je/nVg+ZbKhpUjlIE pEQOXOWURtsWn7zwvxAUsnbNMXaFf9oFR4PB60O375+CpKvpUx2vNrvrXqMrqMqa I1tmb/zdXC66+DsKuCl8FAFYOgpih3rcjh7rZjZwntz4QwgLEglSOuPd/mtWnrKX 4lu/ukRWx+kdMqhqLlIF9D3dqmPk5bVAX9ORDoGxbaskfo+jcVWs9bJxzNCL9cC8 yRj0ASMbzTCs9dnQJuaH6gD1MbSqEEHEtsKaksUVXtUioozpAxgPYpRuPgtzVbh8 EgvDZy9fvwGCo0NbSXwnqEZIE3oQyr240en3VeipBo/svd5q4gsmUY+eEiKbc8/h eayBrwp7gter/WhQfeQzY7GhRgD4v+DF54I/MXSj54aaAymMuBdb/v/TYUJs+Xqw Ngi4alQJrhMEq1JxxYN3dtXKHCWo4WUAvGVGe348gkufcJ7IAXY= =W1Pn -----END PGP SIGNATURE-----