-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Jul 2026 15:43:31 -0600 Source: wolfssl Binary: libwolfssl-dev libwolfssl42t64 Architecture: amd64 Version: 5.7.2-0.1+deb13u2 Distribution: trixie Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Jacob Barthelmeh Description: libwolfssl-dev - Development files for the wolfSSL encryption library libwolfssl42t64 - wolfSSL encryption library Changes: wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high . * Backport upstream security fixes. (See #1140765, #1140815) * CVE-2026-5194: require certificate signature OID to match issuer key OID. * CVE-2026-55960: validate negotiated certificate type for raw public keys. * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify. * CVE-2026-55962: require client cert on outstanding TLS 1.3 post- handshake auth. * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming update. * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path. * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData. * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB write. * CVE-2026-6329: reject PKCS#12 MAC length mismatch. * CVE-2026-6331: require exact HMAC tag length in EVP_DigestVerifyFinal. * CVE-2026-6450: reject CRLs with unrecognized critical extensions. * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri. * CVE-2026-6681: respect caller output buffer size in PKCS7 decode. * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN. * CVE-2026-7511: report the verifying cert as the PKCS#7 signer. Checksums-Sha1: f5515beb13fbde892226554fbec90eb33f27773c 1411208 libwolfssl-dev_5.7.2-0.1+deb13u2_amd64.deb 2f67cefc2e98bc3ae4b5bf585870f9c41c41566f 983028 libwolfssl42t64_5.7.2-0.1+deb13u2_amd64.deb 22d87b154a321e460628a742f32e6ed779ba8942 6247 wolfssl_5.7.2-0.1+deb13u2_amd64-buildd.buildinfo Checksums-Sha256: cf4674e42004de8c736545079fe60fa975bb66f230b3c48c33f4bb465c5ad467 1411208 libwolfssl-dev_5.7.2-0.1+deb13u2_amd64.deb 1f40deae081c71c6e35cbde167dd499eb93f62b250b6187089c97503c7d14780 983028 libwolfssl42t64_5.7.2-0.1+deb13u2_amd64.deb 6214a9c03b2af2b50ad5853b3df05ccd51e57ea6f59aac37a280e6a9db38c0cb 6247 wolfssl_5.7.2-0.1+deb13u2_amd64-buildd.buildinfo Files: df1cfe30a1fa96d23a5d30a3ab78c967 1411208 libdevel optional libwolfssl-dev_5.7.2-0.1+deb13u2_amd64.deb c453f743c102df3c36653a07aee2546c 983028 libs optional libwolfssl42t64_5.7.2-0.1+deb13u2_amd64.deb 8f9e30d813387124238321bce11e1d21 6247 libs optional wolfssl_5.7.2-0.1+deb13u2_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmpZ/YcACgkQGNGWmfrq ILEaAhAAsuEKkFzLjfjfD0ouN7UPNGFc9x8PowI4CGJvu+u6wyPVHg1H3UgQ6Gzf rnr97iheLicOQ45srv/03QDrDhHV1lnmtmyT59xpTZ6dzd2kOT7We9Rx/bqdMi/Z /XGhy2yrHXYGl3IqTz9Ib/Vl0EN5FNw6gyBXfKNOaNV9aBPdDkgbJBFVyssTgMAd D3v6wp8oqnlRqo+VgMBB3J+bEu5Eo72Ol0pHULXaq9C5vZDSFwjhEaqnLzoc5rq5 ek/dRbc5YdUo6OiVOeSteYUJFGsmq/UY2hJd4IY8qAshwkNsvQukDAQITtpMZbHp ZSax8RWu6luaH0ovIkIpRMECD4hS4cj/z05WybBsYuGAk/8UWb/IkGNhlDEO1tFM CagsBcQZEQowhN4Bka7WLyg1sUBv2ZpgMnT/bIyL19UM0swimG4c/vs/BfVpED4c SOdnqbVtw8AtCBq+5zsGiXgQ6wS+mJzTJrV7m5FKokSSv76nTVtnPOYGax3ETYt1 9q6qmHnmpp54p640lwzL3k4Qf9nA1Bxnoeae3hbEOcACxpO3KpQPYO11sn6lxB6X BYfVZ4NNob2YTzvWXTR++YmkTBYKB6hTxyk9QplIPNSGOJDffZWBPtASmWaMDjRB ZkM76rh4ir1gznDH32O35o+ALCaRqLSN60tCdo47atfC3uepxd8= =KOUp -----END PGP SIGNATURE-----