Format: 1.8
Date: Thu, 16 Apr 2026 20:31:23 +0200
Source: openssl
Binary: libcrypto4-udeb libssl-dev libssl-doc libssl4 libssl4-dbgsym libssl4-udeb openssl openssl-dbgsym openssl-provider-fips openssl-provider-fips-dbgsym openssl-provider-legacy openssl-provider-legacy-dbgsym
Architecture: source amd64 all
Version: 4.0.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto4-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl4 - Secure Sockets Layer toolkit - shared libraries
 libssl4-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-fips - Secure Sockets Layer toolkit - cryptographic utility
 openssl-provider-legacy - Secure Sockets Layer toolkit - cryptographic utility
Closes: 1130650
Changes:
 openssl (4.0.0-1) experimental; urgency=medium
 .
   * Import 4.0.0
     - CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agreement group") (Closes: #1130650).
     - CVE-2026-28387 ("Potential use-after-free in DANE client code")
     - CVE-2026-28389 ("Possible NULL dereference when processing CMS KeyAgreeRecipientInfo")
     - CVE-2026-28390 ("Possible NULL dereference when processing CMS KeyTransportRecipient Info")
     - CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion")
     - CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE encapsulation")
     - CVE-2026-28386 ("Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support")
     - CVE-2026-28388 ("NULL Pointer Dereference When Processing a Delta CRL")