-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Jul 2026 15:43:31 -0600 Source: wolfssl Binary: libwolfssl-dev libwolfssl42t64 Architecture: i386 Version: 5.7.2-0.1+deb13u2 Distribution: trixie Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Jacob Barthelmeh Description: libwolfssl-dev - Development files for the wolfSSL encryption library libwolfssl42t64 - wolfSSL encryption library Changes: wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high . * Backport upstream security fixes. (See #1140765, #1140815) * CVE-2026-5194: require certificate signature OID to match issuer key OID. * CVE-2026-55960: validate negotiated certificate type for raw public keys. * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify. * CVE-2026-55962: require client cert on outstanding TLS 1.3 post- handshake auth. * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming update. * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path. * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData. * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB write. * CVE-2026-6329: reject PKCS#12 MAC length mismatch. * CVE-2026-6331: require exact HMAC tag length in EVP_DigestVerifyFinal. * CVE-2026-6450: reject CRLs with unrecognized critical extensions. * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri. * CVE-2026-6681: respect caller output buffer size in PKCS7 decode. * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN. * CVE-2026-7511: report the verifying cert as the PKCS#7 signer. Checksums-Sha1: e5c5e94df9fe583814fb80089005b65f6dd6ab74 1486004 libwolfssl-dev_5.7.2-0.1+deb13u2_i386.deb 012758c7acd24bc0f8f424fb78b5abaf70af24fb 1051256 libwolfssl42t64_5.7.2-0.1+deb13u2_i386.deb 492a847e71093a7ae3cd19f52ce2a1129f63824e 6151 wolfssl_5.7.2-0.1+deb13u2_i386-buildd.buildinfo Checksums-Sha256: 8fe27ea8dab7d03e47b49cc7824a794052a74c12f5cb82d0f0b1f5866964b9ee 1486004 libwolfssl-dev_5.7.2-0.1+deb13u2_i386.deb 21d4ba7117ea3df9659f29c28b0bdb53dc073ddf4f697087ca248bd8694d0930 1051256 libwolfssl42t64_5.7.2-0.1+deb13u2_i386.deb 37d409df92321ce9feefdb861f60f59b783e10d2eea6d5d210ddc2626f1a6d4d 6151 wolfssl_5.7.2-0.1+deb13u2_i386-buildd.buildinfo Files: e10445a39e14fc70ccb0dedb43044094 1486004 libdevel optional libwolfssl-dev_5.7.2-0.1+deb13u2_i386.deb 69f4c8d3744137d77b9808363d6efb4e 1051256 libs optional libwolfssl42t64_5.7.2-0.1+deb13u2_i386.deb 19e2c1f05a95c80e9874286b83c9f516 6151 libs optional wolfssl_5.7.2-0.1+deb13u2_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPAUaMA0H0rOy6qBWf2INRiCdaWIFAmpZ/VcACgkQf2INRiCd aWLbHw/8Db7eXRnwPO8xs5SPDUoDXJCRHsYf031niBWtnqUh8Kde30wJX4Ql/ezO w/XTK4D9NrDHWGNC/y7fW4Oa51kPLzQxpZNKdRyU7QjKdDRXfmfC+e+57LFwG5fv AgQgoUw7ZsJ/HpDZO0uJPVzU5vwAMi2JyM2roGCkzn5H4Q8Uv9ppFYbUfNrLnIkJ TFXkVC0gfh5liBqFx8oJM9FriWmszXAf6MFpL66NVpcqyDzV9A0Z1dhVmGU30D2b 57P/5y59IVP76mUweo0lccL4oIpNUAt611lcmooNua763Z9xQWC5XKkKIR6yl3mI 75ztYUsLVnglzGcJ1teQk/SsSH0s+GcSPTCClUfg0i1OEsboVImz+tkKjcO6D4BI Cvl5TT/L3pBKDn6qW3umsonQY2yj+Gwogp8iR2syg881J6F7IFvOAq2Nw7KYoWyX FT/1BArYArDq0fLbngod1lKuVo8S2gZHwx99hu430BwlO3Iqs9YQ6KisIRsLQpw2 XMGe7Rjztkr7mS3FSrjkmTRf4SvSfSEDm9rJJoYyhdm+4N+b+qaoNwqL0lIUiFaq ATpj9pThYV9dk6TrPfxnm5J6y5993smBUHngDNKCldYxsmB3x7ZTcVMKttlsjnTY B+DxL7Ww8osOqhisgmFmDYqVayAnTrn3ShFtFpMVnD3GQJo6WNI= =qOUI -----END PGP SIGNATURE-----