Register | Log in

libcrypt-openssl-pkcs12-perl

Perl extension to OpenSSL's PKCS12 API

Choose email to subscribe with

general

source: libcrypt-openssl-pkcs12-perl (main)
version: 1.94-1
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: Christopher Hoskin [DMD]
arch: any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3-1
stable: 1.94-1
testing: 1.94-1
unstable: 1.94-1

versioned links

1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.94-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.95-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcrypt-openssl-pkcs12-perl

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.

Created: 2026-05-17 Last update: 2026-05-18 08:00

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.

Created: 2026-05-17 Last update: 2026-05-18 08:00

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.

Created: 2026-05-17 Last update: 2026-05-18 08:00

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2026-05-17] Accepted libcrypt-openssl-pkcs12-perl 1.95-1 (source) into unstable (gregor herrmann)
[2024-10-08] libcrypt-openssl-pkcs12-perl 1.94-1 MIGRATED to testing (Debian testing watch)
[2024-10-05] Accepted libcrypt-openssl-pkcs12-perl 1.94-1 (source) into unstable (gregor herrmann)
[2024-10-03] libcrypt-openssl-pkcs12-perl 1.93-1 MIGRATED to testing (Debian testing watch)
[2024-09-30] Accepted libcrypt-openssl-pkcs12-perl 1.93-1 (source) into unstable (gregor herrmann)
[2024-09-19] libcrypt-openssl-pkcs12-perl 1.92-1 MIGRATED to testing (Debian testing watch)
[2024-09-16] Accepted libcrypt-openssl-pkcs12-perl 1.92-1 (source) into unstable (gregor herrmann)
[2024-08-01] libcrypt-openssl-pkcs12-perl 1.91-1 MIGRATED to testing (Debian testing watch)
[2024-07-29] Accepted libcrypt-openssl-pkcs12-perl 1.91-1 (source) into unstable (gregor herrmann)
[2023-09-23] libcrypt-openssl-pkcs12-perl 1.9-3 MIGRATED to testing (Debian testing watch)
[2023-09-20] Accepted libcrypt-openssl-pkcs12-perl 1.9-3 (source) into unstable (gregor herrmann)
[2023-08-15] libcrypt-openssl-pkcs12-perl 1.9-2 MIGRATED to testing (Debian testing watch)
[2023-08-12] Accepted libcrypt-openssl-pkcs12-perl 1.9-2 (source) into unstable (gregor herrmann)
[2022-05-26] libcrypt-openssl-pkcs12-perl REMOVED from testing (Debian testing watch)
[2021-11-24] libcrypt-openssl-pkcs12-perl 1.9-1 MIGRATED to testing (Debian testing watch)
[2021-11-21] Accepted libcrypt-openssl-pkcs12-perl 1.9-1 (source) into unstable (gregor herrmann)
[2021-11-19] libcrypt-openssl-pkcs12-perl 1.8-1 MIGRATED to testing (Debian testing watch)
[2021-11-16] Accepted libcrypt-openssl-pkcs12-perl 1.8-1 (source) into unstable (gregor herrmann)
[2021-08-16] libcrypt-openssl-pkcs12-perl 1.7-1 MIGRATED to testing (Debian testing watch)
[2021-07-10] Accepted libcrypt-openssl-pkcs12-perl 1.7-1 (source) into unstable (Christopher Hoskin)
[2020-06-12] libcrypt-openssl-pkcs12-perl 1.3-1 MIGRATED to testing (Debian testing watch)
[2020-06-09] Accepted libcrypt-openssl-pkcs12-perl 1.3-1 (source) into unstable (gregor herrmann)
[2018-11-24] libcrypt-openssl-pkcs12-perl 1.2-1 MIGRATED to testing (Debian testing watch)
[2018-11-21] Accepted libcrypt-openssl-pkcs12-perl 1.2-1 (source) into unstable (Christopher Hoskin)
[2018-03-31] libcrypt-openssl-pkcs12-perl 1.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-25] Accepted libcrypt-openssl-pkcs12-perl 1.0-1 (source) into unstable (gregor herrmann)
[2018-03-22] libcrypt-openssl-pkcs12-perl 0.9-1 MIGRATED to testing (Debian testing watch)
[2018-03-16] Accepted libcrypt-openssl-pkcs12-perl 0.9-1 (source) into unstable (Christopher Hoskin)
[2017-11-30] libcrypt-openssl-pkcs12-perl 0.8-1 MIGRATED to testing (Debian testing watch)
[2017-11-25] Accepted libcrypt-openssl-pkcs12-perl 0.8-1 (source) into unstable (Christopher Hoskin)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.94-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing