Format: 1.8
Date: Sat, 24 Jan 2026 16:01:59 +0100
Source: openssl
Architecture: source
Version: 3.0.18-1~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenSSL Team
Changed-By: Sebastian Andrzej Siewior
Changes:
 openssl (3.0.18-1~deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes)
   * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls)
   * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion)
   * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function)
   * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function)
   * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function)