Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27a9c904 by Salvatore Bonaccorso at 2026-06-09T23:41:00+02:00
Reserve DSA number for openssl update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -968,16 +968,19 @@ CVE-2026-42770 (Issue summary: When
EVP_PKEY_derive_set_peer() is called with a
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42769 (Issue Summary: An error in the callback used to verify the
certificate ...)
- openssl <unfixed>
+ [trixie] - openssl 3.5.6-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42768 (Issue summary: The CMS_decrypt and PKCS7_decrypt functions are
vulnera ...)
- openssl <unfixed>
+ [trixie] - openssl 3.5.6-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate
Management Prot ...)
- openssl <unfixed>
+ [trixie] - openssl 3.5.6-1~deb13u2
[bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS
message can ...)
@@ -991,6 +994,7 @@ CVE-2026-42765 (Issue summary: When a partial-chain
certificate verification is
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform
sufficient ...)
- openssl <unfixed>
+ [trixie] - openssl 3.5.6-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1008,6 +1012,7 @@ CVE-2026-45445 (Issue summary: When an application drives
an AES-OCB context thr
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid
token m ...)
- openssl <unfixed>
+ [trixie] - openssl 3.5.6-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1019,6 +1024,7 @@ CVE-2026-35188 (Issue summary: A malicious server can
exploit TLS OCSP stapling
NOTE: https://openssl-library.org/news/secadv/20260609.txt
CVE-2026-34183 (Issue summary: Remote peer may exhaust heap memory of the QUIC
server ...)
- openssl <unfixed>
+ [trixie] - openssl 3.5.6-1~deb13u2
[bookworm] - openssl <not-affected> (Vulnerable code not present)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
NOTE: https://openssl-library.org/news/secadv/20260609.txt
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[09 Jun 2026] DSA-6335-1 openssl - security update
+ {CVE-2026-7383 CVE-2026-9076 CVE-2026-34180 CVE-2026-34182
CVE-2026-42766 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447}
+ [bookworm] - openssl 3.0.20-1~deb12u2
+ [trixie] - openssl 3.5.6-1~deb13u2
[09 Jun 2026] DSA-6334-1 poppler - security update
{CVE-2025-43718 CVE-2025-52885 CVE-2026-10118}
[bookworm] - poppler 22.12.0-2+deb12u2
=====================================
data/dsa-needed.txt
=====================================
@@ -81,9 +81,6 @@ nss/oldstable
opennds/oldstable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
-openssl (carnil)
- Maintainer prepared update
---
pdfminer (carnil)
Required followup for CVE-2025-64512 as original fix was incomplete.
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a9c904d5efb636307e3b6d076d67901113f0a1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a9c904d5efb636307e3b6d076d67901113f0a1
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits