-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Jul 2026 15:43:31 -0600 Source: wolfssl Binary: libwolfssl-dev libwolfssl42t64 Architecture: arm64 Version: 5.7.2-0.1+deb13u2 Distribution: trixie Urgency: high Maintainer: arm64 Build Daemon (arm-ubc-01) Changed-By: Jacob Barthelmeh Description: libwolfssl-dev - Development files for the wolfSSL encryption library libwolfssl42t64 - wolfSSL encryption library Changes: wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high . * Backport upstream security fixes. (See #1140765, #1140815) * CVE-2026-5194: require certificate signature OID to match issuer key OID. * CVE-2026-55960: validate negotiated certificate type for raw public keys. * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify. * CVE-2026-55962: require client cert on outstanding TLS 1.3 post- handshake auth. * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming update. * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path. * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData. * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB write. * CVE-2026-6329: reject PKCS#12 MAC length mismatch. * CVE-2026-6331: require exact HMAC tag length in EVP_DigestVerifyFinal. * CVE-2026-6450: reject CRLs with unrecognized critical extensions. * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri. * CVE-2026-6681: respect caller output buffer size in PKCS7 decode. * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN. * CVE-2026-7511: report the verifying cert as the PKCS#7 signer. Checksums-Sha1: cd7b49efaa4d02b60ff42f9fb4ac248c566d2679 1371888 libwolfssl-dev_5.7.2-0.1+deb13u2_arm64.deb 0cdcaeecb8383ab3bc77dee50da907695ac9b115 923920 libwolfssl42t64_5.7.2-0.1+deb13u2_arm64.deb a188d2bd48e39bbd218826a88bc3dc6cc626da99 6231 wolfssl_5.7.2-0.1+deb13u2_arm64-buildd.buildinfo Checksums-Sha256: f85105ae396a1bc82875d778025a7b7fb10251bcb2dab52f8d62efafe7ce052a 1371888 libwolfssl-dev_5.7.2-0.1+deb13u2_arm64.deb 1444270448db8119b5cb0086305e717b8a5e5e0ff0be376c5acba2685127c4e6 923920 libwolfssl42t64_5.7.2-0.1+deb13u2_arm64.deb 972065403ba3a1f24bce8bf726894e252ff0c7232e390267dfcf9d20dca77320 6231 wolfssl_5.7.2-0.1+deb13u2_arm64-buildd.buildinfo Files: 14d0e810288768f50079afc22814b0fd 1371888 libdevel optional libwolfssl-dev_5.7.2-0.1+deb13u2_arm64.deb 7c317cb92abf0777510366b688ddea1b 923920 libs optional libwolfssl42t64_5.7.2-0.1+deb13u2_arm64.deb 9addf6f6ed84af6711d60a216e6251a3 6231 libs optional wolfssl_5.7.2-0.1+deb13u2_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmpZ/V8ACgkQxqCFmsOW goa60w/+PS33dycAxFl7//vbBSV67Id1YiKRotr5M9ABMugfH/RJ8Chi5IjXts2X kVCHWBBFGwQCh7dnTZuQHCAcK+zFQrqZCglvU0ukhhxkO477dwJHc5nr0m80LtIa T6ucx3Qw+thjhJLA7wp//idfdOkUV9/ALcqQhmU03LCJKUoF+q1psssayMgjUEj8 /BUmdTz8abXu3mIXGuQh3KQqx59LC8qQrVq9+/DXLdXKKCNANqSj7HuG5hCZ35N6 et5hRYfgAwg1FRnc4stGlO6fR3y2j3Jr64+qJb++6n7Y9cSGIdyYmCWQDq03uGVI Sm3m9KHiFtXzA/qrwhOLKlBEkrX/ZOxfDP6kjY+ZN92AJ4d/yoDIZFtND6gqn+up GS8OxHbr151NS7g3Su4VlvD76+/ERqplQX25Pnf2ChWyimpv18zoxTfptRbcLGSD PTRN09Rn+9BRRGA3GFKblqbQPw/p0X/+lLjxja3h/CsJuPxIAmoz0VdrE3m5lIHF /XRTundJzYqQskYeCD+zDTNndljDVuFnESqmKMTI23oKB7hSqdaT2FRuM90rE5dO VYc5iseXMpXAwdFuaCc2GVqFM88Mo4F1VkqEYM4sJH8PbHj+Y1DvNmk2ZPUqLplm s3jevuWdZbMDK6RegcCrX4uCTulygPDYOIBzTrjSZSBpImqjDCw= =V1Ie -----END PGP SIGNATURE-----