[Midnightbsd-cvs] [MidnightBSD/src] 7f13a9: Fix a number of CVEs in OpenSSL

Lucas Holt noreply at github.com
Tue Jan 27 23:00:59 EST 2026


  Branch: refs/heads/stable/4.0
  Home:   https://github.com/MidnightBSD/src
  Commit: 7f13a9258369a127a14a40fc8946121cd976db33
      https://github.com/MidnightBSD/src/commit/7f13a9258369a127a14a40fc8946121cd976db33
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-01-27 (Tue, 27 Jan 2026)

  Changed paths:
    M crypto/openssl/apps/s_client.c
    M crypto/openssl/crypto/asn1/a_strex.c
    M crypto/openssl/crypto/bio/bf_lbuf.c
    M crypto/openssl/crypto/modes/ocb128.c
    M crypto/openssl/crypto/pkcs12/p12_decr.c
    M crypto/openssl/crypto/pkcs12/p12_kiss.c
    M crypto/openssl/crypto/pkcs12/p12_utl.c
    M crypto/openssl/crypto/pkcs7/pk7_doit.c
    M crypto/openssl/crypto/ts/ts_rsp_verify.c

  Log Message:
  -----------
  Fix a number of CVEs in OpenSSL

  CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
  CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
  CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
  CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
  CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
  CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
  CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function



To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications


More information about the Midnightbsd-cvs mailing list