-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 03 Apr 2026 14:29:32 +0200 Source: openssl Binary: libcrypto3-udeb libssl-dev libssl3 libssl3-dbgsym libssl3-udeb openssl openssl-dbgsym Architecture: s390x Version: 3.0.19-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: s390x Build Daemon (ziehrer) Changed-By: Sebastian Andrzej Siewior Description: libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries libssl3-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.19-1~deb12u2) bookworm-security; urgency=medium . * CVE-2026-28387 ("Potential use-after-free in DANE client code") * CVE-2026-28389 ("Possible NULL dereference when processing CMS KeyAgreeRecipientInfo") * CVE-2026-28390 ("Possible NULL dereference when processing CMS KeyTransportRecipient Info") * CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion") * CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE encapsulation") Checksums-Sha1: efb380913969ebd83da576696d2bba2c27a7d1f9 1160732 libcrypto3-udeb_3.0.19-1~deb12u2_s390x.udeb 03b0ff799f918bac289156647cc9836cae9070f8 2043848 libssl-dev_3.0.19-1~deb12u2_s390x.deb 20f2c69991a02cfd241a67dcc4d8015e957a0f76 4456044 libssl3-dbgsym_3.0.19-1~deb12u2_s390x.deb 11c0ff0e4bd641869a0378f454945f9abf015097 195980 libssl3-udeb_3.0.19-1~deb12u2_s390x.udeb d35be098ed00f1363d8340084cea40444f10df03 1634152 libssl3_3.0.19-1~deb12u2_s390x.deb 6f0a907dda44eea708ab741a0d2099e7fe666436 664320 openssl-dbgsym_3.0.19-1~deb12u2_s390x.deb d77bbb627c5fe882dbab3b47ecc2a23a98a8113f 7705 openssl_3.0.19-1~deb12u2_s390x-buildd.buildinfo 3a1b848869b6f84611319772ac57c95865bcefaf 1412312 openssl_3.0.19-1~deb12u2_s390x.deb Checksums-Sha256: 40d69e98fef625f79287e1a6efd962a6301de9bfa08bba48a30a49499a1ac7bb 1160732 libcrypto3-udeb_3.0.19-1~deb12u2_s390x.udeb 08ba7dfc3444d1caede27f533cd2d206f57af5caf16fae76ae3a238f94f5f3d1 2043848 libssl-dev_3.0.19-1~deb12u2_s390x.deb 737156f5f70f149adf1058984a2d66de1f60f4241ce7b24d3add153dab199011 4456044 libssl3-dbgsym_3.0.19-1~deb12u2_s390x.deb 603525fc7d63f6ba3b6284dd8c36f236aad8ea79d1aecfb2bf15177c1e3ae683 195980 libssl3-udeb_3.0.19-1~deb12u2_s390x.udeb 431cd0cc19bffc44b683bdcf9a38fccf8a5d76de8093897d34ec3f4f6607fb6d 1634152 libssl3_3.0.19-1~deb12u2_s390x.deb d1df2eb7859ed90b36f4a91685a8a733d264254bdf5345d81ee603aad35b9a5c 664320 openssl-dbgsym_3.0.19-1~deb12u2_s390x.deb 8d374f8391c07138c51f420605e495d1210407ddac2e19d8a5df246b0bef7b75 7705 openssl_3.0.19-1~deb12u2_s390x-buildd.buildinfo f95a5d0c6c53e32a8833c93d7f79b70cc45d24b16dba63a3dcad0ce7850e5179 1412312 openssl_3.0.19-1~deb12u2_s390x.deb Files: fed8a15c11fadb351362017ff72814a8 1160732 debian-installer optional libcrypto3-udeb_3.0.19-1~deb12u2_s390x.udeb 72341b8be6501475eea3d68cff830db4 2043848 libdevel optional libssl-dev_3.0.19-1~deb12u2_s390x.deb b9ea7454acfcad09086af8553a0aa8ff 4456044 debug optional libssl3-dbgsym_3.0.19-1~deb12u2_s390x.deb a016604d345590188a961da433ade4b9 195980 debian-installer optional libssl3-udeb_3.0.19-1~deb12u2_s390x.udeb a58624c97dd03b039558054475fbbdb4 1634152 libs optional libssl3_3.0.19-1~deb12u2_s390x.deb 54da3b3251d83ebf0418d58823c35a33 664320 debug optional openssl-dbgsym_3.0.19-1~deb12u2_s390x.deb ad72732e536e534a70dfebcc1a31b807 7705 utils optional openssl_3.0.19-1~deb12u2_s390x-buildd.buildinfo 4cbc999d04c8fba6a068335227020b73 1412312 utils optional openssl_3.0.19-1~deb12u2_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEl0BM/nR+Oj597wRWMWUFebkHnoQFAmnP4HcACgkQMWUFebkH noSttw/+MdWbl3sLhR8QN1bNDzgS/eDwkUTlwUYQB1EwQlfoktOgn9r+b+pdBu4q U/aWMucXWfCRJou1FigpxvX4y1dNgWRS4g9OEfyUJo6uhzYi957BUpMVSwrl/CD3 V6/w1G2Aee/gLbpSyVs4cP5DfdVRExjBaGEfF0V4LorrWocbW1lgL//qcPYDlFZM 043LXwj3XxuL4QL5yKWW+J2SgVxZhkvFpxUup1rq8DLapwlZMZg8w5o0CCJSO9oF A3kHui9x1uV4WTyPLVJ+2fN3bxoUmgV8lhYCTl/o600VvVoKHGjA9F2Q3mDkB7sp ZXaYJrnvu9Ls6DfU8rEu4wa7ETNB0f6xIpmYbyyJ7RQKTKG/E++nFJbhvBFDse8V Xa+/WqwgJQcPq5U6vMNSeDdqzuhw6qBhcahVzsPs010SnMO5pfrUaXCjevO/OwJw xMLkfIP1RV8dJGgh9Jrb4i6nrtNnKzFrp7GQ5K1fd/oPAOHuCkz+1tXrKbKNjtfx 1Dr9ISzgaUiHoPHTETVzQYD+pT0hjIZPcyRASKj5kEmrAw44mPYmZ9gzVmIuol6A 4Njik2Dri5A9ERWSdefcUkgxZvILso1iWwUPqgYKVmcA3nh+Pny/HkMezXSOCciR fhBynzRSih/APiFToikrVCuVjDy+cRb2wkfxylHcRRvP1VS71rE= =2piM -----END PGP SIGNATURE-----