-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Jun 2026 21:56:20 +0200 Source: openssl Binary: libcrypto3-udeb libssl-dev libssl3 libssl3-dbgsym libssl3-udeb openssl openssl-dbgsym Architecture: ppc64el Version: 3.0.20-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Sebastian Andrzej Siewior Description: libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries libssl3-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.20-1~deb12u2) bookworm-security; urgency=medium . * CVE-2026-7383 ("Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion") * CVE-2026-9076 ("Out-of-Bounds Read in CMS Password-Based Decryption") * CVE-2026-34180 ("Heap Buffer Over-read in ASN.1 Content Parsing") * CVE-2026-34182 ("CMS AuthEnvelopedData Processing May Accept Forged Messages") * CVE-2026-42766 ("Possible NULL Dereference in Password-Based CMS Decryption") * CVE-2026-42770 ("FFC-DH Peer Validation Uses Attacker-Supplied q") * CVE-2026-45445 ("AES-OCB IV Ignored on EVP_Cipher() Path") * CVE-2026-45446 ("Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes") * CVE-2026-45447 ("Heap Use-After-Free in OpenSSL PKCS7_verify()") Checksums-Sha1: 1bf910aec958133fe8b8d96eee02688db02f1133 1533928 libcrypto3-udeb_3.0.20-1~deb12u2_ppc64el.udeb 01ffd249c568172c36601c9be95f94f55c1de17f 2534876 libssl-dev_3.0.20-1~deb12u2_ppc64el.deb 2e379c6b2f59454a9c2573e59951930c0d0874d5 4642856 libssl3-dbgsym_3.0.20-1~deb12u2_ppc64el.deb dfe86027f6f915fa933aeae35a39a425444709d3 238748 libssl3-udeb_3.0.20-1~deb12u2_ppc64el.udeb 97e9c18a005186575cae1c643acd9883c07e0bc0 2049732 libssl3_3.0.20-1~deb12u2_ppc64el.deb 7a2d3ef6e79b34d32f747db2237f7d77b3017d7f 695816 openssl-dbgsym_3.0.20-1~deb12u2_ppc64el.deb 848a19eeb137c8b9b6c2aad605047574ed06c2af 7868 openssl_3.0.20-1~deb12u2_ppc64el-buildd.buildinfo a9979b868f792d787ef50877820b28a56f3392a9 1435352 openssl_3.0.20-1~deb12u2_ppc64el.deb Checksums-Sha256: 4a4fadfc709afa1fbc27ae3434f14b69821895d3bf0be729588a64d8d3552304 1533928 libcrypto3-udeb_3.0.20-1~deb12u2_ppc64el.udeb 2794681266dfa1f042e32200397cbef6f1e36aa7b6b2503179768c5f4c7b804d 2534876 libssl-dev_3.0.20-1~deb12u2_ppc64el.deb 8b4be26a73ed9ef9624a2bd36c34a36ef304dc7accd3937b8e485d9acdaddbdd 4642856 libssl3-dbgsym_3.0.20-1~deb12u2_ppc64el.deb 798a930339db5f6437ef014502cd3d439866a57fb38bf557ba531dcc262e00d7 238748 libssl3-udeb_3.0.20-1~deb12u2_ppc64el.udeb 63f6227ceee7fc5839c748e53da922d9805307cae9a2033f2acc3a7994c94656 2049732 libssl3_3.0.20-1~deb12u2_ppc64el.deb a79791363f748d9f31a0387720b018e2b0cade1208432992f610cce8e57d2764 695816 openssl-dbgsym_3.0.20-1~deb12u2_ppc64el.deb 0adace552eab363a31b4846e580913f5a7dc26df648791554042e795ef5759aa 7868 openssl_3.0.20-1~deb12u2_ppc64el-buildd.buildinfo 5f112231d7d28ee4bb780c4bdec1e5190572546184963c6b3746043ea57c5d28 1435352 openssl_3.0.20-1~deb12u2_ppc64el.deb Files: ffbe6d5cb6c92a383c7ee747b6e15aac 1533928 debian-installer optional libcrypto3-udeb_3.0.20-1~deb12u2_ppc64el.udeb 48a5a02040b180e47c5d141d11d4cb39 2534876 libdevel optional libssl-dev_3.0.20-1~deb12u2_ppc64el.deb 5270649724a0aaba696d6e4c0f0d2fdf 4642856 debug optional libssl3-dbgsym_3.0.20-1~deb12u2_ppc64el.deb df3a288922be5e4c99b1b868d938da6d 238748 debian-installer optional libssl3-udeb_3.0.20-1~deb12u2_ppc64el.udeb 6cb0109790cdb2b1ca4fa04ff63c91cf 2049732 libs optional libssl3_3.0.20-1~deb12u2_ppc64el.deb 756f17842f0fdf420f2558e22d67a75e 695816 debug optional openssl-dbgsym_3.0.20-1~deb12u2_ppc64el.deb 041089c5b6c9a0f1d24fa22a37cc9fd2 7868 utils optional openssl_3.0.20-1~deb12u2_ppc64el-buildd.buildinfo 9661b4814171f5b00522a1bc0b71a3b1 1435352 utils optional openssl_3.0.20-1~deb12u2_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9ibmwdV9gdKNbK7oV8ucRsMTpuMFAmoklqoACgkQV8ucRsMT puMGEA/9Gao9IUbk2p9IXdYJAqzSOPluUkmY+HpMgaI9ecKCqinpoAQSiPRUHTCS pwecsZXUYYrZgIuie0ZHrlw6DnaJWoKDbGVdBnWsMaO9+hrz9t95qadbwwXHCO+6 peQ5T/Q69SDJsitry1kJwj5RhkVkbqZtyV9BQ/dPzG2o8WbYEhihceqj4/13/xss XJiGYBGGkin4NDLb8Bp27aUZSN28AXNFY7/XdnoF6vDxqrGu50xs7LrMKsu0EAVs JTVC9LKk9acfUPr/+4ncFVFvuG3Aiaghkx8cC/wVzuOUCPvFNmRIiWpIxZXNuDU7 N3LMzyG2VJNJUeP0LM5d/jXbbWwgRLrQiqiSU6s2qsRPhCdAbWC1Pi5Qjsk2wZI9 GyHUUEVeWo8ePul935BZh9E6kTfbgNsWc0d/1KrqwUpcaa+HCVoZHTxHRBkW/sNC iNSujgkQT4idpIcQvFBs1Rf5D96dg/tmRoGvi1teVthvvPfP/ITKnHfm64ikRphH 5ug8wMeywfvTwHFinTwFVYigaH4TscrnHoITqSR8a9clKDTuZNXqF9K4yJBfOwqI /XCv56faxpzzhlf2bwoNgkAe+yapisbI1egQS64f74zG5ob+f2vwLMq1miViveFb OIRYL/iA+DepZHbsLCqxQIKSMenLWLiFW3x+Zb5TTjamLfxwrCo= =M6vs -----END PGP SIGNATURE-----