openssl (3.6.1-1) [PTS] [DDPO]

OLD: VCS is behind the version in the archive: 3.5.5-1 < 3.6.1-1.

Git: https://salsa.debian.org/debian/openssl.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/unstable
Path: debian/changelog
Repo size: 74588160
Browser: https://salsa.debian.org/debian/openssl
Last scan: 2026-02-13 13:55:04+00
Next scan: 2026-02-18 22:22:00+00
CI pipeline status: success

Debian changelog in Git:

openssl (3.5.5-1) unstable; urgency=medium

  * Import 3.5.5
   - CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
     verification)
   - CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
   - CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
     cipher ID)
   - CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
     >16MB)
   - CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
   - CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
     writes)
   - CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
     OCB function calls)
   - CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
     conversion)
   - CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
     function)
   - CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
     function)
   - CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
   - CVE-2026-22796 (ASN1_TYPE Type Confusion in the
   - PKCS7_digest_from_attributes() function)

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Tue, 27 Jan 2026 21:09:55 +0100

This branch is even with tag debian/openssl-3.5.5-1