-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Apr 2026 12:05:32 +0200
Source: openssl
Architecture: source
Version: 3.5.5-1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1130650
Changes:
 openssl (3.5.5-1~deb13u2) trixie-security; urgency=medium
 .
   * CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agreement
     group") (Closes: #1130650).
   * CVE-2026-28387 ("Potential use-after-free in DANE client code")
   * CVE-2026-28389 ("Possible NULL dereference when processing CMS
     KeyAgreeRecipientInfo")
   * CVE-2026-28390 ("Possible NULL dereference when processing CMS
     KeyTransportRecipient Info")
   * CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion")
   * CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE
     encapsulation")
Checksums-Sha1:
 1b684312654efc3e4287d53d37d8c3ff30198f2e 2707 openssl_3.5.5-1~deb13u2.dsc
 72a5ebbdd30bc28a66f069e2d50c66a007c324d2 53104821 openssl_3.5.5.orig.tar.gz
 ff7a37d551ce7f25695266d29fb1439ba3f6b43f 833 openssl_3.5.5.orig.tar.gz.asc
 0e093b26fc47e8b99af77cca92281e94b215f58a 68136 openssl_3.5.5-1~deb13u2.debian.tar.xz
Checksums-Sha256:
 2cba43d38a2f4ca1ef09a89ccc348fc63a5a43a58850a913bca46c6ceeb007ed 2707 openssl_3.5.5-1~deb13u2.dsc
 b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89 53104821 openssl_3.5.5.orig.tar.gz
 eaef5b1054b84b8d1e6c61c9fc8867828be5ce686d0221580faf8bdc16489da9 833 openssl_3.5.5.orig.tar.gz.asc
 92355f8cd5112cb4d49b9487c30507e5f85fc5497ad85223aecf661566f5ad8e 68136 openssl_3.5.5-1~deb13u2.debian.tar.xz
Files:
 b28c013d3c00557c197d77ebf888e9df 2707 utils optional openssl_3.5.5-1~deb13u2.dsc
 9c86d929c3d1067e2c88239d7d1ce81b 53104821 utils optional openssl_3.5.5.orig.tar.gz
 7e827079c420b263e8dadfe6fafcdf40 833 utils optional openssl_3.5.5.orig.tar.gz.asc
 546d0630d836b93a246280c9d0b22cce 68136 utils optional openssl_3.5.5-1~deb13u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmnP1/sACgkQBWQfF1cS
+luvYwv/fPMCAWEVdNBypeB0C2Dnot61OFmIpsykPkHwPP8HbSu4AOikXEQSki7j
6mg7hM7AJ0liwMSEpbihzawbc0mQ6KchyC4/fWz0RSH2QMk8aP6bM7WzGFC2hVP1
/PBZRhcqPf/Nj/u6+TgMJoS/11D3lZecnGYqXwWLvNnALNi8a7Z5vhBKGKvCqxsU
6tuGb7AdLt6m6Slm1hhIEHr8+0WdVBWTW5dLpTfiKusaf8pH5WoCY8/60ChjvwX6
LWSGq4Rikauix0HI3ryb8yJeNPOFtpvW0W5KfW/wFnN0Dc4gE/DPgj/+511FRJP1
VOjJULzFI68FDWuI44cmWyLug0yCI3oq3y7h7h4/IwqBX9B/XydElHf+PjQjwnTg
fGMYjGpIOiI7XdiuR+L4lwndktHKjqjnv8ZXCUwMPucT7Wr8Gd5TwAODcIa10k7+
CgBDc4YbwxYKj7Mhj3BgGpCg+COljnnrgpI+lDTVHx7RGZwKCPACLo2+Ox/BUid3
gdOG14Ne
=aD9m
-----END PGP SIGNATURE-----