[Midnightbsd-cvs] [MidnightBSD/src] ddb546: Fix OpenSSL PKCS7 empty digest verification
Lucas Holt
noreply at github.com
Wed Jul 1 13:53:12 EDT 2026
Branch: refs/heads/stable/4.0
Home: https://github.com/MidnightBSD/src
Commit: ddb5469c26d33103880e2fda1df02aebdc82515f
https://github.com/MidnightBSD/src/commit/ddb5469c26d33103880e2fda1df02aebdc82515f
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-07-01 (Wed, 01 Jul 2026)
Changed paths:
M UPDATING
M crypto/openssl/crypto/pkcs7/pk7_smime.c
Log Message:
-----------
Fix OpenSSL PKCS7 empty digest verification
Reject signed PKCS#7 data with no digest algorithms before PKCS7_dataInit() can build a BIO chain from caller-owned input. This prevents the CVE-2026-45447 verification use-after-free case on stable/4.0.
AI-Assisted-by: OpenAI Codex
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list