Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27a9c904 by Salvatore Bonaccorso at 2026-06-09T23:41:00+02:00
Reserve DSA number for openssl update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -968,16 +968,19 @@ CVE-2026-42770 (Issue summary: When 
EVP_PKEY_derive_set_peer() is called with a
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42769 (Issue Summary: An error in the callback used to verify the 
certificate ...)
        - openssl <unfixed>
+       [trixie] - openssl 3.5.6-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code not present)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42768 (Issue summary: The CMS_decrypt and PKCS7_decrypt functions are 
vulnera ...)
        - openssl <unfixed>
+       [trixie] - openssl 3.5.6-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code not present)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42767 (Issue summary: An attacker-controlled CMP (Certificate 
Management Prot ...)
        - openssl <unfixed>
+       [trixie] - openssl 3.5.6-1~deb13u2
        [bookworm] - openssl <no-dsa> (Minor issue; can be fixed in next update)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42766 (Issue summary: A specially crafted password-encrypted CMS 
message can  ...)
@@ -991,6 +994,7 @@ CVE-2026-42765 (Issue summary: When a partial-chain 
certificate verification is
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34181 (Issue Summary: The PKCS#12 file processing fails to perform 
sufficient ...)
        - openssl <unfixed>
+       [trixie] - openssl 3.5.6-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code not present)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1008,6 +1012,7 @@ CVE-2026-45445 (Issue summary: When an application drives 
an AES-OCB context thr
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-42764 (Issue summary: Receiving a QUIC initial packet with an invalid 
token m ...)
        - openssl <unfixed>
+       [trixie] - openssl 3.5.6-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code not present)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
@@ -1019,6 +1024,7 @@ CVE-2026-35188 (Issue summary: A malicious server can 
exploit TLS OCSP stapling
        NOTE: https://openssl-library.org/news/secadv/20260609.txt
 CVE-2026-34183 (Issue summary: Remote peer may exhaust heap memory of the QUIC 
server  ...)
        - openssl <unfixed>
+       [trixie] - openssl 3.5.6-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code not present)
        [bullseye] - openssl <not-affected> (Vulnerable code not present)
        NOTE: https://openssl-library.org/news/secadv/20260609.txt


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[09 Jun 2026] DSA-6335-1 openssl - security update
+       {CVE-2026-7383 CVE-2026-9076 CVE-2026-34180 CVE-2026-34182 
CVE-2026-42766 CVE-2026-42770 CVE-2026-45445 CVE-2026-45446 CVE-2026-45447}
+       [bookworm] - openssl 3.0.20-1~deb12u2
+       [trixie] - openssl 3.5.6-1~deb13u2
 [09 Jun 2026] DSA-6334-1 poppler - security update
        {CVE-2025-43718 CVE-2025-52885 CVE-2026-10118}
        [bookworm] - poppler 22.12.0-2+deb12u2


=====================================
data/dsa-needed.txt
=====================================
@@ -81,9 +81,6 @@ nss/oldstable
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
-openssl (carnil)
-  Maintainer prepared update
---
 pdfminer (carnil)
   Required followup for CVE-2025-64512 as original fix was incomplete.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a9c904d5efb636307e3b6d076d67901113f0a1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a9c904d5efb636307e3b6d076d67901113f0a1
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to