Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted openssl 1.1.1w-0+deb11u8 (source) into oldoldstable-security
Date: Mon, 15 Jun 2026 02:10:17 +0000
Signed by: Arnaud Rebillout <arnaudr@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 11 Jun 2026 17:37:33 +0700
Source: openssl
Architecture: source
Version: 1.1.1w-0+deb11u8
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Arnaud Rebillout <arnaudr@debian.org>
Changes:
 openssl (1.1.1w-0+deb11u8) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String
     Conversion")
   * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption")
   * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing")
   * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS
     Decryption")
   * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()")
Checksums-Sha1:
 d0c5af261b974dcc40a0e1953ffd807b6407bbdc 2684 openssl_1.1.1w-0+deb11u8.dsc
 76fbf3ca4370e12894a408ef75718f32cdab9671 9893384 openssl_1.1.1w.orig.tar.gz
 bca277263dfe1d951360eefda6c5eb01edc36462 833 openssl_1.1.1w.orig.tar.gz.asc
 3dc1b227af83efa1083faf5d4805a639ace3fef0 126496 openssl_1.1.1w-0+deb11u8.debian.tar.xz
 e7c9117dc3f25397496930073d876cf95533883b 5688 openssl_1.1.1w-0+deb11u8_source.buildinfo
Checksums-Sha256:
 92dfbc227edb3a124276544e5c4d92aa738167fb43b9cc98611362db559e0406 2684 openssl_1.1.1w-0+deb11u8.dsc
 cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8 9893384 openssl_1.1.1w.orig.tar.gz
 5e5c3694cda755231c0438ac3c96af00d7510abd7b916d79c51bb979567040db 833 openssl_1.1.1w.orig.tar.gz.asc
 1b9aab73493a39ccab81f22092abce8d4857deeb5a084c2dcf89e60ec108c818 126496 openssl_1.1.1w-0+deb11u8.debian.tar.xz
 3c3e690bf304f9326ffc844c3c440bf32a2c439993c4b9ea95762b4b63568d2f 5688 openssl_1.1.1w-0+deb11u8_source.buildinfo
Files:
 df747766d5f8a851bb4191aaf6ba88e5 2684 utils optional openssl_1.1.1w-0+deb11u8.dsc
 3f76825f195e52d4b10c70040681a275 9893384 utils optional openssl_1.1.1w.orig.tar.gz
 89d454a3aab2163ba2dda93510ea8089 833 utils optional openssl_1.1.1w.orig.tar.gz.asc
 2e94eeb38c59b9f15ef7b913cd0c32e9 126496 utils optional openssl_1.1.1w-0+deb11u8.debian.tar.xz
 ab199562bcac9cb65959a005318798b8 5688 utils optional openssl_1.1.1w-0+deb11u8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEE0Kl7ndbut+9n4bYs5yXoeRRgAhYFAmovW9UTHGFybmF1ZHJA
ZGViaWFuLm9yZwAKCRDnJeh5FGACFvv9D/96meiKOlac2jb1kVivDke/CHUg7Pro
L0AeCTtuG5DI5JTe6qe2Y1uVgrTj394vULnqRwN9Qv319jYqunkfHCrFSrQN0R5L
c5bJFX8ojEeyqSzhxxdNdTbShEc3iuj+m4Y+SSkLrWRlZjvbMhZF8PAhQHBvaCGc
sFAOdCIz/xMGROWvURFI+IyyxSR8PINlGEv2ZrvCalyT7drZu2kt4yIKDrtPNna0
FfVuoOCgrvyBxNRVa5NBrFLAc97VQlmI9Oo4UofLHMDkvBAi00qJ51fV+I5rd7tV
y5iirdMmgTA7shgyU5RmIqEOEgP97gPNQuiycRad4SfeIlZdJ2HR+kaEM428vOzp
6CB0SaWIQVh8+jy99j3DVtmDqTuYxQA4AaI/N4Dk3y5Kr7N2oDkFukgkM9sVSfGc
C3IAC077eZ7xXoxu9JtZD626wRxbUZJjUBhmXc8DNC5kySt+Tfb93pDcudMDKRra
/Ap5RlqrluQCev/1YR3SL1S6P/YXIBjgm7VqcNUtm7l8g+E2IQvPFAIn48IURCvn
LHrJ0viEsyIeZ+s5omdMvI3r5rTPEfeIA9HCx7rtIy3Y8nLNT/kRGPgLvQwrLETT
evjgdw5kojBini400VskGWnteiMAj4MN6A8RDA3td/3DYWshfIiY5dAqFChiAYPk
oTpjLQFjaaYaNQ==
=VWLM
-----END PGP SIGNATURE-----

News for package openssl