Debian Package Tracker
Register | Log in
Subscribe

libcrypt-openssl-x509-perl

Perl extension to OpenSSL's X509 API

Choose email to subscribe with

general
  • source: libcrypt-openssl-x509-perl (main)
  • version: 2.1.3-1
  • maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
  • uploaders: Damyan Ivanov [DMD] – gregor herrmann [DMD] – Salvatore Bonaccorso [DMD] – Niko Tyni [DMD] – Ansgar Burchardt [DMD]
  • arch: any
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.9.02-1
  • oldstable: 1.9.14-2
  • stable: 2.0.1-1
  • testing: 2.1.2-1
  • unstable: 2.1.3-1
versioned links
  • 1.9.02-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.9.14-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libcrypt-openssl-x509-perl
action needed
2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:
  • CVE-2026-58101: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
  • CVE-2026-58102: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
Created: 2026-07-14 Last update: 2026-07-15 01:30
2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:
  • CVE-2026-58101: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
  • CVE-2026-58102: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
Created: 2026-07-14 Last update: 2026-07-15 01:30
2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:
  • CVE-2026-58101: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
  • CVE-2026-58102: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
Created: 2026-07-14 Last update: 2026-07-15 01:30
2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:
  • CVE-2026-58101: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
  • CVE-2026-58102: Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
Created: 2026-07-14 Last update: 2026-07-15 01:30
testing migrations
  • This package will soon be part of the perl-5.42 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • excuses:
    • Migration status for libcrypt-openssl-x509-perl (2.1.2-1 to 2.1.3-1): Waiting for test results or another package, or too young (no action required now - check later)
    • Issues preventing migration:
    • ∙ ∙ Too young, only 1 of 2 days old
    • Additional info (not blocking):
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libc/libcrypt-openssl-x509-perl.html
    • ∙ ∙ Autopkgtest for libcrypt-openssl-x509-perl/2.1.3-1: amd64: Pass, arm64: Pass, armhf: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
    • ∙ ∙ Reproduced on amd64 - info
    • ∙ ∙ Reproduced on arm64 - info
    • ∙ ∙ Reproduced on armhf - info
    • ∙ ∙ Reproduced on i386 - info
    • ∙ ∙ Required age reduced by 3 days because of autopkgtest
    • Not considered
news
[rss feed]
  • [2026-07-14] Accepted libcrypt-openssl-x509-perl 2.1.3-1 (source) into unstable (gregor herrmann)
  • [2026-07-09] libcrypt-openssl-x509-perl 2.1.2-1 MIGRATED to testing (Debian testing watch)
  • [2026-07-06] Accepted libcrypt-openssl-x509-perl 2.1.2-1 (source) into unstable (gregor herrmann)
  • [2026-06-16] libcrypt-openssl-x509-perl 2.1.1-1 MIGRATED to testing (Debian testing watch)
  • [2026-06-12] Accepted libcrypt-openssl-x509-perl 2.1.1-1 (source) into unstable (gregor herrmann)
  • [2024-08-12] libcrypt-openssl-x509-perl 2.0.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-12] libcrypt-openssl-x509-perl 2.0.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-09] Accepted libcrypt-openssl-x509-perl 2.0.1-1 (source) into unstable (gregor herrmann)
  • [2024-07-31] libcrypt-openssl-x509-perl 2.0.0+pristine-1 MIGRATED to testing (Debian testing watch)
  • [2024-07-29] Accepted libcrypt-openssl-x509-perl 2.0.0+pristine-1 (source) into unstable (gregor herrmann)
  • [2023-10-06] libcrypt-openssl-x509-perl 1.9.15-1 MIGRATED to testing (Debian testing watch)
  • [2023-10-01] Accepted libcrypt-openssl-x509-perl 1.9.15-1 (source) into unstable (gregor herrmann)
  • [2022-09-14] libcrypt-openssl-x509-perl 1.9.14-2 MIGRATED to testing (Debian testing watch)
  • [2022-09-10] Accepted libcrypt-openssl-x509-perl 1.9.14-2 (source) into unstable (gregor herrmann)
  • [2022-05-11] libcrypt-openssl-x509-perl 1.9.14-1 MIGRATED to testing (Debian testing watch)
  • [2022-05-08] Accepted libcrypt-openssl-x509-perl 1.9.14-1 (source) into unstable (gregor herrmann)
  • [2022-03-10] libcrypt-openssl-x509-perl 1.9.13-1 MIGRATED to testing (Debian testing watch)
  • [2022-03-07] Accepted libcrypt-openssl-x509-perl 1.9.13-1 (source) into unstable (gregor herrmann)
  • [2022-01-25] libcrypt-openssl-x509-perl 1.9.12-1 MIGRATED to testing (Debian testing watch)
  • [2022-01-23] Accepted libcrypt-openssl-x509-perl 1.9.12-1 (source) into unstable (gregor herrmann)
  • [2021-09-28] libcrypt-openssl-x509-perl 1.9.10-1 MIGRATED to testing (Debian testing watch)
  • [2021-09-25] Accepted libcrypt-openssl-x509-perl 1.9.10-1 (source) into unstable (Florian Schlichting)
  • [2020-11-23] libcrypt-openssl-x509-perl 1.9.02-1 MIGRATED to testing (Debian testing watch)
  • [2020-11-20] Accepted libcrypt-openssl-x509-perl 1.9.02-1 (source) into unstable (gregor herrmann)
  • [2020-11-19] libcrypt-openssl-x509-perl 1.9.01-1 MIGRATED to testing (Debian testing watch)
  • [2020-11-07] Accepted libcrypt-openssl-x509-perl 1.9.01-1 (source) into unstable (gregor herrmann)
  • [2019-11-06] libcrypt-openssl-x509-perl 1.8.13-1 MIGRATED to testing (Debian testing watch)
  • [2019-11-02] Accepted libcrypt-openssl-x509-perl 1.8.13-1 (source) into unstable (gregor herrmann)
  • [2018-12-25] libcrypt-openssl-x509-perl 1.8.12-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-22] Accepted libcrypt-openssl-x509-perl 1.8.12-1 (source) into unstable (gregor herrmann)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.1.1-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing