Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b3b09ce by Salvatore Bonaccorso at 2026-01-27T22:44:13+01:00
Track fixed version for openssl via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -330,7 +330,7 @@ CVE-2026-24881 (In GnuPG before 2.5.17, a crafted CMS 
(S/MIME) EnvelopedData mes
        - gnupg2 <not-affected> (Vulnerable code not present)
        NOTE: https://dev.gnupg.org/T8044
 CVE-2025-11187 (Issue summary: PBMAC1 parameters in PKCS#12 files are missing 
validati ...)
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        [trixie] - openssl 3.5.4-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code introduced later)
        [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
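Review bot: The CVE-2025-11187 entry now pairs the unstable fix `3.5.5-1` with an explicit `[trixie] - openssl 3.5.4-1~deb13u2` line but has no `{DSA-...}` cross-reference, while CVE-2025-15467 in the next hunk carries `{DSA-6113-1}`. If the trixie upload 3.5.4-1~deb13u2 went out under that advisory, consider whether this entry should reference it; if the CVE was intentionally not listed in the DSA, the explicit line is right as it stands. The version ordering itself is consistent: 3.5.4-1~deb13u2 sorts below 3.5.5-1.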
@@ -340,7 +340,7 @@ CVE-2025-11187 (Issue summary: PBMAC1 parameters in PKCS#12 
files are missing va
        NOTE: Testcases: 
https://github.com/openssl/openssl/commit/c716acac5e0e2216bcf3ab54036f0ef31ebe1b52
 (openssl-3.5.5)
 CVE-2025-15467 (Issue summary: Parsing CMS AuthEnvelopedData message with 
maliciously  ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
 (openssl-3.5.5)
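Review bot: On the CVE-2025-15467 entry the new `- openssl 3.5.5-1` line sits beside only one per-release line, `[bullseye] - openssl <not-affected>`, so the status of the other stable releases rests entirely on the `{DSA-6113-1}` tag. Worth confirming that DSA-6113-1 lists this CVE for each of them, since the CVE-2025-11187 entry just above spells out `[trixie]` and `[bookworm]` explicitly.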
@@ -350,21 +350,21 @@ CVE-2025-15467 (Issue summary: Parsing CMS 
AuthEnvelopedData message with malici
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/cdccf8f2ef17ae020bd69360c43a39306b89c381
 (openssl-3.0.19)
        NOTE: Test: 
https://github.com/openssl/openssl/commit/e0666f72294691a808443970b654412a6d92fa0f
 (openssl-3.0.19)
 CVE-2025-15468 (Issue summary: If an application using the SSL_CIPHER_find() 
function  ...)
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        [trixie] - openssl 3.5.4-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code introduced later)
        [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65
 (openssl-3.5.5)
 CVE-2025-15469 (Issue summary: The 'openssl dgst' command-line tool silently 
truncates ...)
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        [trixie] - openssl 3.5.4-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code introduced later)
        [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61
 (openssl-3.5.5)
 CVE-2025-66199 (Issue summary: A TLS 1.3 connection using certificate 
compression can  ...)
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        [trixie] - openssl 3.5.4-1~deb13u2
        [bookworm] - openssl <not-affected> (Vulnerable code introduced later)
        [bullseye] - openssl <not-affected> (Vulnerable code introduced later)
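Review bot: The three replacements in this hunk (CVE-2025-15468, CVE-2025-15469, CVE-2025-66199) record `3.5.5-1` with nothing in the commit message tying that version to an upload; "Track fixed version for openssl via unstable" does not say where the version was taken from. Naming the source in the message, for example the 3.5.5-1 changelog entry, would make a bulk change like this easier to audit. The upstream Fixed by notes for CVE-2025-15468 and CVE-2025-15469 are tagged (openssl-3.5.5), which matches the new version.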
@@ -372,43 +372,43 @@ CVE-2025-66199 (Issue summary: A TLS 1.3 connection using 
certificate compressio
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5
 (openssl-3.5.5)
 CVE-2025-68160 (Issue summary: Writing large, newline-free data into a BIO 
chain using ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6
 (openssl-3.0.19)
 CVE-2025-69418 (Issue summary: When using the low-level OCB API directly with 
AES-NI o ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
 (openssl-3.0.19)
 CVE-2025-69419 (Issue summary: Calling PKCS12_get_friendlyname() function on a 
malicio ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296
 (openssl-3.0.19)
 CVE-2025-69420 (Issue summary: A type confusion vulnerability exists in the 
TimeStamp  ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a
 (openssl-3.0.19)
 CVE-2025-69421 (Issue summary: Processing a malformed PKCS#12 file can trigger 
a NULL  ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7
 (openssl-3.0.19)
 CVE-2026-22795 (Issue summary: An invalid or NULL pointer dereference can 
happen in an ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49
 (openssl-3.0.19)
 CVE-2026-22796 (Issue summary: A type confusion vulnerability exists in the 
signature  ...)
        {DSA-6113-1}
-       - openssl <unfixed>
+       - openssl 3.5.5-1
        NOTE: https://openssl-library.org/news/secadv/20260127.txt
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4
 (openssl-3.5.5)
        NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49
 (openssl-3.0.19)
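Review bot: CVE-2026-22795 and CVE-2026-22796 at the end of this hunk cite the same two Fixed by commits (2502e7b7 for openssl-3.5.5 and 572844be for openssl-3.0.19). If one upstream commit fixes both issues that is fine, but a short NOTE saying so on each entry would rule out a copy-paste slip. The seven `<unfixed>` to `3.5.5-1` replacements themselves agree with the (openssl-3.5.5) tag on each entry's first Fixed by note.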



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b3b09cebbe9e29d4a294f287e381c021301f083
