-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Jul 2026 15:43:31 -0600 Source: wolfssl Binary: libwolfssl-dev libwolfssl42t64 Architecture: ppc64el Version: 5.7.2-0.1+deb13u2 Distribution: trixie Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Jacob Barthelmeh Description: libwolfssl-dev - Development files for the wolfSSL encryption library libwolfssl42t64 - wolfSSL encryption library Changes: wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high . * Backport upstream security fixes. (See #1140765, #1140815) * CVE-2026-5194: require certificate signature OID to match issuer key OID. * CVE-2026-55960: validate negotiated certificate type for raw public keys. * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify. * CVE-2026-55962: require client cert on outstanding TLS 1.3 post- handshake auth. * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming update. * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path. * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData. * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB write. * CVE-2026-6329: reject PKCS#12 MAC length mismatch. * CVE-2026-6331: require exact HMAC tag length in EVP_DigestVerifyFinal. * CVE-2026-6450: reject CRLs with unrecognized critical extensions. * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri. * CVE-2026-6681: respect caller output buffer size in PKCS7 decode. * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN. * CVE-2026-7511: report the verifying cert as the PKCS#7 signer. Checksums-Sha1: 136ece3a2d6b3cd7e8739885d47e5e8c03e6941f 1512176 libwolfssl-dev_5.7.2-0.1+deb13u2_ppc64el.deb 2aa2a3ccf215efd3b02849c58ecd9c8f0cebb5e7 1066488 libwolfssl42t64_5.7.2-0.1+deb13u2_ppc64el.deb b78b9f99f38fc004acd6809c710e36e27cff581d 6249 wolfssl_5.7.2-0.1+deb13u2_ppc64el-buildd.buildinfo Checksums-Sha256: 393df8c8caf91dcdb5d6818254f586f4f69e2f1fb28ec3cd89ee84a6c6b4723f 1512176 libwolfssl-dev_5.7.2-0.1+deb13u2_ppc64el.deb 352bae1afd7a289530f81a05bf894f25b9b263c9e1cf9f813071837224479a6b 1066488 libwolfssl42t64_5.7.2-0.1+deb13u2_ppc64el.deb 8d71c7ab689d8c542883e5238041a1df4c061e4ba3f90eda1278448cc90c3e42 6249 wolfssl_5.7.2-0.1+deb13u2_ppc64el-buildd.buildinfo Files: c3c241b0fc296b720b6502eedf559dbe 1512176 libdevel optional libwolfssl-dev_5.7.2-0.1+deb13u2_ppc64el.deb 3898e2badbf31cc632524983fa022b49 1066488 libs optional libwolfssl42t64_5.7.2-0.1+deb13u2_ppc64el.deb 4011743abf4a8aa0b46946c87adfb983 6249 libs optional wolfssl_5.7.2-0.1+deb13u2_ppc64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmpZ/V4ACgkQDNLUPhbm g7MI5Q//YFVcS5LIZSRKY0Mbv8tP9a9ZKYmDsF8E7Lzx+fH/Ao6XWidEFZlTHaYL LL7juM/iQTaDEWomHzat8WGJBmfUjzz8aMfqguCn6fHSO2oT9uZPA6isAsKOeNZL dUkj/5foQ+aw9uk9FyRuOOPCS7Cxl6Lo1ZdBSW94Y83gp+8JVRhvGY92NVyiH1Aw faN2gGHCwcHVAA+qrIVDaEBaafE1hDdIbMqDB6qbalv9/e6511BLYY5X72hTfdyL ofWcyYEbwr6fWzPHAK0jnrZFkpD3iFbokRqwN5kU2U2FM7PDO+LzASrMaQ0OqOvH fQbHNfUapTqSHRbN30SZgaB/homv4UCoPdxpYkyxBNTpvdDebAQ40e8Akl0sQV7e pU8F+A+GwCq+ck2FqFIC2mgiJYSSmitP9BQLg648e2yd/fISq6FKZNyVSfp4sByX fRenn2+lqpJcTGEyZJmzvgGSbuvfKiP+uHtnduA0urkrEThabHjhSl0GmtmGgwM5 6J4tFFkUpkJqOcu5/GYaZblsXlFkpJS9N0AJk/gk09uRNqkjGukJDW22qcx7K8/e hfNOK+jBSLlVORuH6YwNlyXF5fVFrUfgmresz/wv9vGJbsrrEr7x9QD2Cegr0Akz eWJtnt6BCiZfF3rl4l2fnajrlu8FF8d/gIktbwdEYrgPkDYI+E4= =Q2rC -----END PGP SIGNATURE-----