-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 27 Jan 2026 21:09:55 +0100
Source: openssl
Architecture: source
Version: 3.5.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Changes:
openssl (3.5.5-1) unstable; urgency=medium
.
* Import 3.5.5
- CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
verification)
- CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
- CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
cipher ID)
- CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
>16MB)
- CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
- CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
writes)
- CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
OCB function calls)
- CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
conversion)
- CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
function)
- CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
function)
- CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
- CVE-2026-22796 (ASN1_TYPE Type Confusion in the
PKCS7_digest_from_attributes() function)
Checksums-Sha1:
b9f06b61a84a58aac68f1f1bb013975eb2035e57 2675 openssl_3.5.5-1.dsc
72a5ebbdd30bc28a66f069e2d50c66a007c324d2 53104821 openssl_3.5.5.orig.tar.gz
ff7a37d551ce7f25695266d29fb1439ba3f6b43f 833 openssl_3.5.5.orig.tar.gz.asc
7c695896cbd0c9de1eb99104ad485e2b46ac43fe 49624 openssl_3.5.5-1.debian.tar.xz
Checksums-Sha256:
d69a00b6ccd85feb5f2a8561a6d72bfa7254aca36532c67c34ef64ccf03ca882 2675 openssl_3.5.5-1.dsc
b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89 53104821 openssl_3.5.5.orig.tar.gz
eaef5b1054b84b8d1e6c61c9fc8867828be5ce686d0221580faf8bdc16489da9 833 openssl_3.5.5.orig.tar.gz.asc
67b458af9dcae77751e1ce20866cd2fb3ff4b446c192e8491b04a6ef8a9ed490 49624 openssl_3.5.5-1.debian.tar.xz
Files:
32ede53eca4f7213c465166f9787f0eb 2675 utils optional openssl_3.5.5-1.dsc
9c86d929c3d1067e2c88239d7d1ce81b 53104821 utils optional openssl_3.5.5.orig.tar.gz
7e827079c420b263e8dadfe6fafcdf40 833 utils optional openssl_3.5.5.orig.tar.gz.asc
63902973cb64553fee78b9fee6bd3922 49624 utils optional openssl_3.5.5-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----