openssl (4.0.0-1) [PTS] [DDPO]

OLD: VCS is behind the version in the archive: 3.6.2-1 < 4.0.0-1.

Git: https://salsa.debian.org/debian/openssl.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/unstable
Path: debian/changelog
Repo size: 45359104
Browser: https://salsa.debian.org/debian/openssl
Last scan: 2026-05-17 11:41:39+00
Error: https://salsa.debian.org/api/v4/projects/debian%2Fopenssl API request failed: 401 Unauthorized at /srv/qa.debian.org/data/vcswatch/vcswatch line 410.
Next scan: 2026-05-24 14:41:00+00

Debian changelog in Git:

openssl (3.6.2-1) unstable; urgency=medium

  * Import 3.6.2
   - CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agreement
     group") (Closes: #1130650).
   - CVE-2026-28387 ("Potential use-after-free in DANE client code")
   - CVE-2026-28389 ("Possible NULL dereference when processing CMS
     KeyAgreeRecipientInfo")
   - CVE-2026-28390 ("Possible NULL dereference when processing CMS
     KeyTransportRecipient Info")
   - CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion")
   - CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE
     encapsulation")
   - CVE-2026-28386 ("Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512
     Support")
   - CVE-2026-28388 ("NULL Pointer Dereference When Processing a Delta CRL")

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sat, 11 Apr 2026 16:27:58 +0200

This branch is even with tag debian/openssl-3.6.2-1