-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Jul 2026 15:43:31 -0600
Source: wolfssl
Architecture: source
Version: 5.7.2-0.1+deb13u2
Distribution: trixie
Urgency: high
Maintainer: Jacob Barthelmeh <[email protected]>
Changed-By: Jacob Barthelmeh <[email protected]>
Changes:
 wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high
 .
   * Backport upstream security fixes. (See #1140765, #1140815)
   * CVE-2026-5194: require certificate signature OID to match issuer key
     OID.
   * CVE-2026-55960: validate negotiated certificate type for raw public
     keys.
   * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify.
   * CVE-2026-55962: require client cert on outstanding TLS 1.3 post-
     handshake auth.
   * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming
     update.
   * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path.
   * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData.
   * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB
     write.
   * CVE-2026-6329: reject PKCS#12 MAC length mismatch.
   * CVE-2026-6331: require exact HMAC tag length in
     EVP_DigestVerifyFinal.
   * CVE-2026-6450: reject CRLs with unrecognized critical extensions.
   * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri.
   * CVE-2026-6681: respect caller output buffer size in PKCS7 decode.
   * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN.
   * CVE-2026-7511: report the verifying cert as the PKCS#7 signer.
Checksums-Sha1:
 6cfe935a7da3c0a90c2c54fcc77beadd8d540510 2040 wolfssl_5.7.2-0.1+deb13u2.dsc
 fda602d45b9482157c2d700abe23dad44f8535d5 44176 
wolfssl_5.7.2-0.1+deb13u2.debian.tar.xz
 4da75eefa59e99e661152b0ede649faf5d254186 5527 
wolfssl_5.7.2-0.1+deb13u2_source.buildinfo
Checksums-Sha256:
 b61bd9e726503a49e1d66244ff3d1aca5d15f08f489699d3f7c7b0acec72b1e8 2040 
wolfssl_5.7.2-0.1+deb13u2.dsc
 c4c31ffaa8e05e1132cb535cc0b0cd3083e04f134883ab039154f3857d0a96d8 44176 
wolfssl_5.7.2-0.1+deb13u2.debian.tar.xz
 3fae64eb70b74501de3492a7823a8b3adc445864b0ec297e1284d0eb70aca789 5527 
wolfssl_5.7.2-0.1+deb13u2_source.buildinfo
Files:
 3f84cd737ddec9fa4522c6775fd0be32 2040 libs optional 
wolfssl_5.7.2-0.1+deb13u2.dsc
 5c88677f401510e73d034b1337b36cee 44176 libs optional 
wolfssl_5.7.2-0.1+deb13u2.debian.tar.xz
 9644a18b7b7b7b40b6095afc8cd5843e 5527 libs optional 
wolfssl_5.7.2-0.1+deb13u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmpYwSwQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFOsvC/4kAa0vE2yWiuwc54tEuM0IqqZLdyWfUBSv
CDhf5qEInorCigHDQMn3S+YC7MLP3TsCCWbl7PocmMfhDXiG41l/5QOHa6wy2szR
C9yr73w+W4vyOuU5XfvI3ZhOu5WzED3DHcKQLtssfDtn/bY0eLQAjwkGuRM1XzDq
lyzTX6cyfLtnaodBr2m8h+t8CESgqE5f1li5hkjp/gO4EYTkXR6uSadlN4ygPSuv
wZPkqQXty+tCOQkhWMzVBcTr6JN5D2YcFop8ad8nucNXO9jAAyQDzrTIPxBDKNqZ
zkjENnN6oC8imWWpF5JgzP87C77VqMAEd1G52Hxvy1a20AcqurDSDijc8iddOFYQ
1fPV+6pKfEMPHEVLzkpUOWp+ZroFRzQjXk+Aa9y56gg4xZxLJEk2nr773bmn0KVA
SmoXcaeG7vZTETgxwC5u4voMzWMdLfngWyZYNqvlQAApX67mgQ84VYUfLQMJpCw+
fPCyWFBlaGjFsZoLBkMFyTKxjiTgIWI=
=y6OJ
-----END PGP SIGNATURE-----

Attachment: pgp8PHo9tzu9g.pgp
Description: PGP signature

Reply via email to