Skip to content

[pull] master from buildroot:master #837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pull merged 1 commit into from
Jan 28, 2026
Merged

[pull] master from buildroot:master #837

pull merged 1 commit into from
Jan 28, 2026

Conversation

@pull
Copy link

@pull pull bot commented Jan 28, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@jacmet @jolivain
package/libopenssl: security bump to version 3.6.1
fce7287 
Fixes the following vulnerabilities:

CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing.
CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
CVE-2025-15469 - ‘openssl dgst’ one-shot codepath silently truncates inputs >16MB.
CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation.
CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes.
CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.
CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function.
CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function

For more details, see the announcement:
https://openssl-library.org/post/2026-01-27-release-announcement/

Drop now upstreamed 0004-Scope-aes_cfb128_vaes_encdec_wrapper-to-x64.patch:
openssl/openssl@f529d26

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
@pull pull bot locked and limited conversation to collaborators Jan 28, 2026
@pull pull bot added the ⤵️ pull label Jan 28, 2026
@pull pull bot merged commit fce7287 into mir-one:master Jan 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jacmet