Your message dated Sun, 21 Jun 2026 00:09:54 +0000
with message-id <[email protected]>
and subject line Bug#1140426: fixed in libcrypt-openssl-pkcs12-perl 1.96-1
has caused the Debian Bug report #1140426,
regarding libcrypt-openssl-pkcs12-perl: CVE-2026-9265
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140426: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140426
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcrypt-openssl-pkcs12-perl
Version: 1.95-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libcrypt-openssl-pkcs12-perl.
CVE-2026-9265[0]:
| Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap
| OOB read in print_attribute UTF8STRING path. print_attribute()
| copies a UTF8STRING ASN.1 attribute value into a heap buffer sized
| exactly to its declared length via strncpy, leaving no NUL
| terminator. Downstream callers run strlen() on the result and pass
| the inflated length to newSVpvn(), copying attacker-influenced
| adjacent heap bytes into a Perl scalar.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-9265
https://www.cve.org/CVERecord?id=CVE-2026-9265
[1] https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
[2]
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcrypt-openssl-pkcs12-perl
Source-Version: 1.96-1
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcrypt-openssl-pkcs12-perl, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated
libcrypt-openssl-pkcs12-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 21 Jun 2026 01:16:13 +0200
Source: libcrypt-openssl-pkcs12-perl
Architecture: source
Version: 1.96-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1140426
Changes:
libcrypt-openssl-pkcs12-perl (1.96-1) unstable; urgency=medium
.
* Team upload.
* Import upstream version 1.96.
Security: fix CVE-2026-9265 — heap out-of-bounds read in `print_attribute`
UTF8STRING path.
Closes: #1140426
Checksums-Sha1:
dea4174313f00a16da2f4681eab678fa05ea8556 2711
libcrypt-openssl-pkcs12-perl_1.96-1.dsc
5f47fa82bd7fccdf9aac1d3db46a8cc237df8676 215288
libcrypt-openssl-pkcs12-perl_1.96.orig.tar.gz
c83d2ede13eea32ce87e48cd7929fb9f2296c9a6 3196
libcrypt-openssl-pkcs12-perl_1.96-1.debian.tar.xz
Checksums-Sha256:
c40a9dacbecbfd9b6b48e2929767f92a0b3b532a0b74c1fcb0764fb4adf389da 2711
libcrypt-openssl-pkcs12-perl_1.96-1.dsc
c9cf4970eb0cc4482c6df3af3aedd2d31e8306e93c362990869b66fcec2b62ce 215288
libcrypt-openssl-pkcs12-perl_1.96.orig.tar.gz
6c22e53d832c1546657b463b22a6fc5eeff991eb45cde432fdd66be64c21cf80 3196
libcrypt-openssl-pkcs12-perl_1.96-1.debian.tar.xz
Files:
60f3f8a9fb4b99066bfc286b59770100 2711 perl optional
libcrypt-openssl-pkcs12-perl_1.96-1.dsc
fc175c9f5c952fc95160a9783b526882 215288 perl optional
libcrypt-openssl-pkcs12-perl_1.96.orig.tar.gz
bf5e6667bd25d84391f2a6c5e5462a25 3196 perl optional
libcrypt-openssl-pkcs12-perl_1.96-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmo3H8VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgau/Q/6A/cZqv6P2yWcbBMEE8VWefaB7f4IuXxqPRq/wwjqicqKfY7YU6aXpB1j
Jp6lReZUJB9xcH2njVKCGp0iXO3FpNL1ThmlyiYK95PKhEyklfU1XN8O1xwIEfTR
Z3+GmrOQNidTm9yglxtYhJR0PBNqbWG9b352+ZXu3+jtxQ//GPrAdo4POZ5Iy1DC
X05M2WTNdRjRVBnR568kf/dmo3wu8i9ROVCZxpJGQL+JHylDBV2NntpqFgsqAIys
fX4/sRikXKgUxN7IRtXHTsNinla7Yg0RdY8gW8rinWADjm7jZOrjAoaSJjycRHhO
lyJymaZmLAalPQkXF+sQqqgKPICsukmqFFJDO7riS886C2NG33dKoL4Je1LD4fDA
2m55yuwbAOt1gJqsfcIzni8Xpx8NnIP/aYQzee/jKMwuZximUTfjIvzFVC/h8+wh
TGWbkXYawDiqsW1QhLFYkNKFY7Lzx28c6kkG9RQdHt/b7Fe8KjOFr4zSTiwOXB9U
D7ASwgrlvTkSX9OX+cQvQnLfa8X5W8D7ZAVK/CfswRwgTtzhiJPCC40dfcEO1WVB
3lVmAc60tvk6e1kjtl9dYVc+1BK/NPlir8sVfGxWdEga+G3K4maZK8dIW4wUMkFE
OKbKzB4ay63K3a6OKlMsaGACDwu8NYy+JHt42rheSpDWgZXJ/1A=
=IShp
-----END PGP SIGNATURE-----
pgpTTcen7Q3T_.pgp
Description: PGP signature
--- End Message ---