Package: libssl3t64 Version: 3.6.2-1 Severity: grave Tags: upstream Justification: user security hole
Hey. There's multiple CVEs: https://openssl-library.org/news/secadv/20260609.txt includnig CVE-2026-45447 which potentially allows for RCE. These have all been fixed in stable 2 days ago, but unstable/testing have been left out (which seems unfortunate, given that probably many DDs/DMs also run on either of the two). Cheers, Chris. -- System Information: Debian Release: forky/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 7.0.12+deb14-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libssl3t64 depends on: ii libc6 2.42-16 ii libzstd1 1.5.7+dfsg-3+b2 ii openssl-provider-legacy 3.6.2-1 ii zlib1g 1:1.3.dfsg+really1.3.2-3 libssl3t64 recommends no packages. libssl3t64 suggests no packages. -- no debconf information
