-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Jun 2026 21:55:35 +0200
Source: openssl
Binary: libcrypto3-udeb libssl-dev libssl3-udeb libssl3t64 libssl3t64-dbgsym openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: amd64
Version: 3.5.6-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3-udeb - ssl shared library - udeb (udeb)
 libssl3t64 - Secure Sockets Layer toolkit - shared libraries
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.5.6-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String
     Conversion")
   * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption")
   * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing")
   * CVE-2026-34181 ("PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC
     Keys")
   * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged
     Messages")
   * CVE-2026-34183 ("Unbounded Memory Growth in the QUIC PATH_CHALLENGE
     Handler")
   * CVE-2026-42764 ("NULL pointer dereference in QUIC server initial packet
     handling")
   * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS
     Decryption")
   * CVE-2026-42767 ("NULL Pointer Dereference in CRMF EncryptedValue
     Decryption")
   * CVE-2026-42768 ("Multi-RecipientInfo Bleichenbacher Oracle in
     CMS_decrypt() and PKCS7_decrypt()")
   * CVE-2026-42769 ("Trust-Anchor Substitution via cert/issuer Typo in CMP
     rootCaKeyUpdate")
   * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q")
   * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path")
   * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in
     AES-GCM-SIV and AES-SIV modes")
   * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()")
Checksums-Sha1:
 d767feb82c740171d46f043eb944b5483e855555 2018384 libcrypto3-udeb_3.5.6-1~deb13u2_amd64.udeb
 ed4549f189f5faa3929d51268c16419c2ee87616 2959032 libssl-dev_3.5.6-1~deb13u2_amd64.deb
 4cf3d0ee44c92b3a906435e6f1246de3bb0329f4 372424 libssl3-udeb_3.5.6-1~deb13u2_amd64.udeb
 2e4a9009759266fa53238d85711c719eef1ad7f8 6215224 libssl3t64-dbgsym_3.5.6-1~deb13u2_amd64.deb
 fa81f709727b16de2a82710bbe0556b58f2b3f50 2447924 libssl3t64_3.5.6-1~deb13u2_amd64.deb
 6f75b4d745ec471a72611e6902b2af10122c012a 749852 openssl-dbgsym_3.5.6-1~deb13u2_amd64.deb
 70ab00678be9dfe608f5d94d99386420e7ee5259 1828892 openssl-provider-fips-dbgsym_3.5.6-1~deb13u2_amd64.deb
 c444a5bbc1f16ed75a1ec383c77b1e5d7431a6c8 1105000 openssl-provider-fips_3.5.6-1~deb13u2_amd64.deb
 e600a132b16c3e543ae08dafad5db58183623b0f 97800 openssl-provider-legacy-dbgsym_3.5.6-1~deb13u2_amd64.deb
 3b5367f36e8989c6021e165214a9afe7a2110121 312688 openssl-provider-legacy_3.5.6-1~deb13u2_amd64.deb
 db64243872f51821c5ad6659179b16b9c204a235 8810 openssl_3.5.6-1~deb13u2_amd64-buildd.buildinfo
 800be77287a05e5b1a4c70e2ea363dbab6945cea 1502560 openssl_3.5.6-1~deb13u2_amd64.deb
Checksums-Sha256:
 c1f202a7087eb1051bac520a0bb13a4b34483a1775bd493492bb9c5914bdba59 2018384 libcrypto3-udeb_3.5.6-1~deb13u2_amd64.udeb
 04250d9e51fc87ef6d539f36cf0b66668dd34beec101af56dc35198ea99cef00 2959032 libssl-dev_3.5.6-1~deb13u2_amd64.deb
 4d25d961bf74e2f050f1313b317ee04dd8b86a7a382b0acc1fd0b0b88c151c87 372424 libssl3-udeb_3.5.6-1~deb13u2_amd64.udeb
 ce02857d9b8ddeffa2c03c5ce4223ac7fb7d368eff448afb00530daadc4a9a0f 6215224 libssl3t64-dbgsym_3.5.6-1~deb13u2_amd64.deb
 b2dab3fe29c1fcb82ef58c2db0ff4bd830a442cf37b9a8b730b7b6ce87181349 2447924 libssl3t64_3.5.6-1~deb13u2_amd64.deb
 ff6752026dad223da10458527a1e025b46bf2ea8d910ef21494c1cae77a87480 749852 openssl-dbgsym_3.5.6-1~deb13u2_amd64.deb
 e29bba58e655d9ddbf2da5a54d074fe510d5467c0e65665ba8853b88a32c8a15 1828892 openssl-provider-fips-dbgsym_3.5.6-1~deb13u2_amd64.deb
 01a0513ec5c1eb4f5fc06a59dce5e0e5eeb701d4c9f16e66debe3048d8233581 1105000 openssl-provider-fips_3.5.6-1~deb13u2_amd64.deb
 dffd9d402f75171b56bae8870a3d6faf669f96da204a9a8d57e7fe0dea68e25d 97800 openssl-provider-legacy-dbgsym_3.5.6-1~deb13u2_amd64.deb
 feac35e2e79f70ca54abe3ffe3d7eeb51af5e56789d3b668df1ea4e6644db0a4 312688 openssl-provider-legacy_3.5.6-1~deb13u2_amd64.deb
 53d9b7c363bfadd052faa914bf45a2178796aa1fc295d4ce91de288804b83870 8810 openssl_3.5.6-1~deb13u2_amd64-buildd.buildinfo
 7b4270966255f0bad468ac889f4b090a6e10eb6ccbc2be0fa418560b24bdef5a 1502560 openssl_3.5.6-1~deb13u2_amd64.deb
Files:
 5aa5d0bf130b64a0b07abce49bba77fb 2018384 debian-installer optional libcrypto3-udeb_3.5.6-1~deb13u2_amd64.udeb
 30860ae7f82b46b682b6e6f32d08a3ce 2959032 libdevel optional libssl-dev_3.5.6-1~deb13u2_amd64.deb
 18c198699853010c02ab385a4abb490a 372424 debian-installer optional libssl3-udeb_3.5.6-1~deb13u2_amd64.udeb
 cc370e4e2a6bd80691b1baa270a21fbd 6215224 debug optional libssl3t64-dbgsym_3.5.6-1~deb13u2_amd64.deb
 88cfa9ea5cef21ed2c8a5976649d1900 2447924 libs optional libssl3t64_3.5.6-1~deb13u2_amd64.deb
 b2e76477357ebfc31ccacacb9542f13f 749852 debug optional openssl-dbgsym_3.5.6-1~deb13u2_amd64.deb
 d4842a4547d4de2341370d95ef1f8574 1828892 debug optional openssl-provider-fips-dbgsym_3.5.6-1~deb13u2_amd64.deb
 fa5bf3cf5b38550378f388620bbeaeb3 1105000 utils optional openssl-provider-fips_3.5.6-1~deb13u2_amd64.deb
 958c42d68b65a5a3f832b2ea5344129a 97800 debug optional openssl-provider-legacy-dbgsym_3.5.6-1~deb13u2_amd64.deb
 276e8f78023167ca2ad52fa8e767b0ae 312688 utils optional openssl-provider-legacy_3.5.6-1~deb13u2_amd64.deb
 2bd440358dd8da6b82bf959cd5b69246 8810 utils optional openssl_3.5.6-1~deb13u2_amd64-buildd.buildinfo
 8a87f7d54af366db55fedc572e530322 1502560 utils optional openssl_3.5.6-1~deb13u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmokpwUACgkQTwt/65ON
6zf5UQ/+N64BhcpvYzE2bixjnpwM4KxPwhrz1hH6h8jcnp6tklNIT8TWBZAoIH2S
kq8mj8a5vHBzBBH9PyBREck3b6RHjwxFKc2mct3k68FzY+snq17JwZZ3WZDoMpOY
oAJR8vIMFv3+xJ9RKZ3yFsQ62aowR+Yq5DFBT+YCuLcOotgyKp264dkCJ2+dEhmc
metPKLvbDn3eDrgCS3ypVgTEeij9AO7hNxAsH6xfeT6yW3p+I/BdPRVEfRA2NBaB
KYJh6C0nuHXX6N/LOAk7AGDeiU9tpFy4mStmaaQ+BTfm0O0J7IdKazBikUPv1OvI
ed0YgUkU/ircnChZVCVBkz63XWhOSCN5o+TT+Hi7HYfmLFT79+NZbZaVJCoDo8XR
4k67jgM6EJdW2VaDV9RYOIrnypS5GqThV6rfo4ZZGrNHyzsqH2ZlglN9crWgNJO+
yAz/ggzYSU6O9sDnPXn/tkLOqWaLllVZyAmmPoCserVdmhc3MD/cezFIt9xwXzPT
2tSVA7e2oQzg9xbojcJj8cXVe5dGnwE+pJnqX4faGHYugSmrR3l2VCyTfsVJj8ol
wVYluBRFpwHjQKh/2y6HXNJXoui7n0p1RKRywbA069zZS9K6Myw69u6eK3A2J4e9
JYnXsADT3xpuJrreFxBNQgzS/EvQA9GUR56OJcQYESCwJylxyOE=
=J+vc
-----END PGP SIGNATURE-----