Format: 1.8
Date: Sat, 24 Jan 2026 16:50:07 +0100
Source: openssl
Architecture: source
Version: 3.5.4-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Changes:
 openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC verification)
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown cipher ID)
   * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs >16MB)
   * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function)
Checksums-Sha1:
 287729fb89e8fbfd6e544091a70b7d8e5007f5be 2707 openssl_3.5.4-1~deb13u2.dsc
 b75daac8e10f189abe28a076ba5905d363e4801f 53190367 openssl_3.5.4.orig.tar.gz
 5f2dc895c3124ec1a04e17f2aa679f86ec49227c 833 openssl_3.5.4.orig.tar.gz.asc
 2a1f2a04b97dcdfa1622496197eb85c0207936f2 65020 openssl_3.5.4-1~deb13u2.debian.tar.xz
Checksums-Sha256:
 646eb71bec0d395e564f1dd88e26ddede052200d37293bb03aa1372897b17dd8 2707 openssl_3.5.4-1~deb13u2.dsc
 967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99 53190367 openssl_3.5.4.orig.tar.gz
 cfcabcfc6e43237392e0ab42e2326fceb71037036c2adaa7ecc7e251778e38f4 833 openssl_3.5.4.orig.tar.gz.asc
 f9edcab4e1d849a6c29e1c7821516c19d7dead327bb78b015d07445622922437 65020 openssl_3.5.4-1~deb13u2.debian.tar.xz
Files:
 18b606ea5aef77be07e92a57f4c93408 2707 utils optional openssl_3.5.4-1~deb13u2.dsc
 570a7ab371147b6ba72c6d0fed93131f 53190367 utils optional openssl_3.5.4.orig.tar.gz
 fc505832a9796504dcd48c14fd34c4cb 833 utils optional openssl_3.5.4.orig.tar.gz.asc
 eaf4b0d539d98d82a781db1aa41c479d 65020 utils optional openssl_3.5.4-1~deb13u2.debian.tar.xz