-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Jan 2026 16:01:59 +0100 Source: openssl Binary: libcrypto3-udeb libssl-dev libssl3 libssl3-dbgsym libssl3-udeb openssl openssl-dbgsym Architecture: ppc64el Version: 3.0.18-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Sebastian Andrzej Siewior Description: libcrypto3-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl3 - Secure Sockets Layer toolkit - shared libraries libssl3-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (3.0.18-1~deb12u2) bookworm-security; urgency=medium . * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing) * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes) * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls) * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion) * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function) * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function) * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing) * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function) Checksums-Sha1: 89ca0140d72dd66a3d642fd0448ce0ccc11d303d 1531364 libcrypto3-udeb_3.0.18-1~deb12u2_ppc64el.udeb 92b20f7739c1135a278772bbbb5db1fa85257b8c 2536044 libssl-dev_3.0.18-1~deb12u2_ppc64el.deb bc31290dd6913f7f54208922c66b8abf13dd595f 4644324 libssl3-dbgsym_3.0.18-1~deb12u2_ppc64el.deb 4e7276eeff527fc0d36ccb10bb7963d35c5305dd 239704 libssl3-udeb_3.0.18-1~deb12u2_ppc64el.udeb bc41384800a33ee07ad1d36e38172df8f06c9003 2044520 libssl3_3.0.18-1~deb12u2_ppc64el.deb 5cbdc3e884cf31bfb86e489ffd2eae6f23d5e80e 696576 openssl-dbgsym_3.0.18-1~deb12u2_ppc64el.deb dac2c87b4f05d582f2b32102d94b222180bffdf7 7860 openssl_3.0.18-1~deb12u2_ppc64el-buildd.buildinfo 9f33b1d27d2f26c963b1b41e851ad72ae6ff1c68 1429648 openssl_3.0.18-1~deb12u2_ppc64el.deb Checksums-Sha256: 911b14d5c18e5d6fc38a21b57dd5e55e93cf86c40cad4d2039bcc612cf2cbadb 1531364 libcrypto3-udeb_3.0.18-1~deb12u2_ppc64el.udeb 5692c8ebe073a5e7533542a5db298d89bef724b2423c8f641dfa01cb21bd003b 2536044 libssl-dev_3.0.18-1~deb12u2_ppc64el.deb 9bfcbc074be632cdbe3c8c1b7f30946ad19cd3e05fb59c60ebb935a757b8266c 4644324 libssl3-dbgsym_3.0.18-1~deb12u2_ppc64el.deb 3a8c542a79178dc4ffc958eda2282d33e963c146d9dbdc0233c542f96c5e1b1f 239704 libssl3-udeb_3.0.18-1~deb12u2_ppc64el.udeb b5f48b447b296ed45f857a34fdc42f42134ad26ababbe6b5b0e7ed56c8bedc54 2044520 libssl3_3.0.18-1~deb12u2_ppc64el.deb ae2f253814e6515914d02f47c7e95caff518fa1d6214d87376f42b7027ffd62b 696576 openssl-dbgsym_3.0.18-1~deb12u2_ppc64el.deb b4cddb86dccecb575d87b24f7abb464e7a571156e5f9fefaa3b27deeb3ceb70e 7860 openssl_3.0.18-1~deb12u2_ppc64el-buildd.buildinfo 269f301321dfd24a68a48c30d2e468176561681b0acdd50787e311b0232dd785 1429648 openssl_3.0.18-1~deb12u2_ppc64el.deb Files: 3820472367702fdc0721ac43de51a8a4 1531364 debian-installer optional libcrypto3-udeb_3.0.18-1~deb12u2_ppc64el.udeb 1231f5aa08f6c75b57d5895eb1cd4656 2536044 libdevel optional libssl-dev_3.0.18-1~deb12u2_ppc64el.deb bda2dc6aac0c1c33df4ea446a73d70c2 4644324 debug optional libssl3-dbgsym_3.0.18-1~deb12u2_ppc64el.deb 785fc356459f2396352567d6120c107e 239704 debian-installer optional libssl3-udeb_3.0.18-1~deb12u2_ppc64el.udeb 6405fc5bc13d8ded801cf0e675bcf725 2044520 libs optional libssl3_3.0.18-1~deb12u2_ppc64el.deb 15bbf8aa3f712d078f381ee352ee4dbb 696576 debug optional openssl-dbgsym_3.0.18-1~deb12u2_ppc64el.deb 5cf63c172cad968bda0bf5fd839b4408 7860 utils optional openssl_3.0.18-1~deb12u2_ppc64el-buildd.buildinfo 926b3bc171fe3b26eae955dc71d785a4 1429648 utils optional openssl_3.0.18-1~deb12u2_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGHWM+bJZRznwgySGOrVShFbIMGEFAml0+JAACgkQOrVShFbI MGFgzRAAmrxGbxGfVdQJ/RCLB5cppBXiKiJ1EtwK9bNUEelhBTvKEUaWkM8rkpmB z85zFsJUxgvdEeD0QKTBk2oiiXPlNMhh+7/sCsVbPL9gaUGhfhfk7mTTMmzHmLwh CmAGgvQSlNqUD9D/SSM3K5ahniauRUTnIURkwnTSE8OZtFnEplFwuEKqN4BrD5xj JivkHDlXtfiun1SFlEo5RLUHdG4yzAaXqoL0fzXqd7hkeMy2hBRcqxNXwdpQAY4a lEtR0jEUvs48ZiEEzH3jOEgYkJsfAED0pCP6VwpFqzQxt7UX2HCbUS/+ionVfJL5 9g3ub4TbZYfP6ONLF978zMgi72fh00Shfa89gygPiPg1HH8JYdLT2oaHcSTGTPb9 o3rj07KFYs2iNHEZrdv6QQbcEHnZ/L66R+R+I1G0wbA58zJxsiTd000fZN55y3u2 G9UxDzU71fblHPzdeI/KIdD5ms0a6q0/erokBTzusiiyxibiQOQwoTjJXknfCNu+ 2fOLM16DvvCPTci/yQ8NIfTD+0noDgKJQu9wo6clVB5Dm2pPu8Trbz+jeRRGUB2T xalJgt9pqdBA12bcPLlG2NNCRGjPbt24jbjlO+NkNZ+iCBsTLEjQr0i3YJvEQDYD c2qdgVhFlmWObnxe7Uf5SlbF8buIuCljLxNHNQ8RkvGgSGhf0FI= =8gRk -----END PGP SIGNATURE-----