-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 03 Apr 2026 14:29:32 +0200 Source: openssl Binary: libcrypto3-udeb libssl-dev libssl3 libssl3-dbgsym libssl3-udeb openssl openssl-dbgsym Architecture: arm64 Version: 3.0.19-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: arm Build Daemon (arm-conova-04) Changed-By: Sebastian Andrzej Siewior Description: libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries libssl3-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.19-1~deb12u2) bookworm-security; urgency=medium . * CVE-2026-28387 ("Potential use-after-free in DANE client code") * CVE-2026-28389 ("Possible NULL dereference when processing CMS KeyAgreeRecipientInfo") * CVE-2026-28390 ("Possible NULL dereference when processing CMS KeyTransportRecipient Info") * CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion") * CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE encapsulation") Checksums-Sha1: 1f720736f1c43f7ec2a318c3735fa24ce2c0cd5c 1341788 libcrypto3-udeb_3.0.19-1~deb12u2_arm64.udeb c6e6ce35cd386b44c9f99e364f33829f3db03832 2309756 libssl-dev_3.0.19-1~deb12u2_arm64.deb e9d75c1e59b813f9aec5e583272abd3eef2adb7d 4510024 libssl3-dbgsym_3.0.19-1~deb12u2_arm64.deb 755ecc657b24b32f83a54a4f6f3485e02b67db81 201184 libssl3-udeb_3.0.19-1~deb12u2_arm64.udeb 0e80c4276fba1e0191bf66c5f2762b55c4f11f70 1820388 libssl3_3.0.19-1~deb12u2_arm64.deb c01d25aee19fe296d14017dc1125f2d2eece2c1c 684632 openssl-dbgsym_3.0.19-1~deb12u2_arm64.deb bf05648d8ca76199a1c4bdae02c3fec68045761e 7817 openssl_3.0.19-1~deb12u2_arm64-buildd.buildinfo c6c9633d494ee65b07ff0fc463e343dfb0ed5c36 1401896 openssl_3.0.19-1~deb12u2_arm64.deb Checksums-Sha256: 78148defdcdd7c3ef675474da68d0dbd1b490645c8f9baf2a88ab8de8d928a37 1341788 libcrypto3-udeb_3.0.19-1~deb12u2_arm64.udeb 3c3f223722bc0344088114164f9202cd172654f7777c0c43c8dd9013abe6019e 2309756 libssl-dev_3.0.19-1~deb12u2_arm64.deb bc2604717111c08b7ad5c55fe00d85712af65ae475b840a359d68783248526b8 4510024 libssl3-dbgsym_3.0.19-1~deb12u2_arm64.deb 77f94b8db1744b6e4619c185d589edae7506caae649e065f634952d61d9c7772 201184 libssl3-udeb_3.0.19-1~deb12u2_arm64.udeb 0361eb916f68a44947837bb26a63f3fd78de938d148cf4b49c93acfac1d550a3 1820388 libssl3_3.0.19-1~deb12u2_arm64.deb 164c41511807f1f47813bbf624727d798580248b78810b151d3ad8ea81fab044 684632 openssl-dbgsym_3.0.19-1~deb12u2_arm64.deb bfd37720c3bf1370aee2087ec601f5106f6e8a018501fa1e6a367dfac75b4bf1 7817 openssl_3.0.19-1~deb12u2_arm64-buildd.buildinfo 098f9a729189067495ff345f268b6fa332cb8055319ba857e83a8544d66fba97 1401896 openssl_3.0.19-1~deb12u2_arm64.deb Files: 26ac605925dbdc8df0f11a3a13458c75 1341788 debian-installer optional libcrypto3-udeb_3.0.19-1~deb12u2_arm64.udeb 29fe36b9660475bfb916c1a9ff5e10d1 2309756 libdevel optional libssl-dev_3.0.19-1~deb12u2_arm64.deb 1020db69e2ba990880c5872b3bca8c07 4510024 debug optional libssl3-dbgsym_3.0.19-1~deb12u2_arm64.deb a62be7ca22eb4e6f3d363f966279c4a7 201184 debian-installer optional libssl3-udeb_3.0.19-1~deb12u2_arm64.udeb 8f7d0055432bbe655d0bee7f434c0c0b 1820388 libs optional libssl3_3.0.19-1~deb12u2_arm64.deb 2aa4e41a0d067e1aac10b966b59b6818 684632 debug optional openssl-dbgsym_3.0.19-1~deb12u2_arm64.deb b66d0e4eefc3d855e536faaa2499a378 7817 utils optional openssl_3.0.19-1~deb12u2_arm64-buildd.buildinfo 568d2c50160430a35d30667e389f9c39 1401896 utils optional openssl_3.0.19-1~deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmnP4nAACgkQScpU3dYu lLi41Q/8C+91AjE82zOJ06/hWdj5vlCtpEPZoJwkDfjM7svaz1CLdCO8/H790+cA gUGAA2c06eiTLF7H2EaP3BfM4QjLmQnj6ChJG+q4hM5CFD64rsjepfp/8SEnUMFq u0+Vc9TYXIpdWmm7zspp0BVQKplVf3mXQa4Mfs+UHREjJ54xUyKwmBHsHSjjCYcR koyP/JqlnP0HaNQZGYwLr/Ur3rvggfuz57SZeQbtRIuhPl2ZPih+HnsPky+VhXuT v16694J8rA+3U4469nWObzDIkkdh3b42V3J2DADvZsyAk0+zHMSIqgON0S59G/A1 n65/+WuGDX9syLOasyUkYJgGMsMtFaLLskGS2FWxLfso9pamyt8sJwelE7GICX2H Rn2sjYD45u1ENvIXVrQ6oSWnXE35FuB1YqpwGy2NZziyPwJBOAlf+ymBJs+bNpJA rPPv/M1A+70r5N32A9R/K4oZTyNmmJzPv+FpJqCeo4FhQUd9NCsMIug6iGQ5+lJx nM3Xwip9fOCZxWHZFk8QLWJPbFOpviTd2V+gEXRkJ7PWYhwSaj8dWgOQLWlxDhEF B3FxUgNiuq+jt/Zqh1LbM7f2kbwY/bGA7hTLr1A/JJzl4MJswzX9NsmeSL2kb2KZ xiSzp7MOgmn9R/NlPdd3xZRuQaez8HfdZnPkd0rBveBRHOBGgvo= =IwNV -----END PGP SIGNATURE-----