-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Jul 2026 15:43:31 -0600 Source: wolfssl Binary: libwolfssl-dev libwolfssl42t64 Architecture: s390x Version: 5.7.2-0.1+deb13u2 Distribution: trixie Urgency: high Maintainer: s390x Build Daemon (zandonai) Changed-By: Jacob Barthelmeh Description: libwolfssl-dev - Development files for the wolfSSL encryption library libwolfssl42t64 - wolfSSL encryption library Changes: wolfssl (5.7.2-0.1+deb13u2) trixie; urgency=high . * Backport upstream security fixes. (See #1140765, #1140815) * CVE-2026-5194: require certificate signature OID to match issuer key OID. * CVE-2026-55960: validate negotiated certificate type for raw public keys. * CVE-2026-55961: reject degenerate certs-only PKCS#7 in PKCS7_verify. * CVE-2026-55962: require client cert on outstanding TLS 1.3 post- handshake auth. * CVE-2026-55967: reject AES-GCM cumulative size overflow in streaming update. * CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path. * CVE-2026-6094: bound encrypted content size in PKCS7 EnvelopedData. * CVE-2026-6325: bound index in SetSuitesHashSigAlgo to prevent OOB write. * CVE-2026-6329: reject PKCS#12 MAC length mismatch. * CVE-2026-6331: require exact HMAC tag length in EVP_DigestVerifyFinal. * CVE-2026-6450: reject CRLs with unrecognized critical extensions. * CVE-2026-6678: fix integer underflow in wc_PKCS7_DecryptOri. * CVE-2026-6681: respect caller output buffer size in PKCS7 decode. * CVE-2026-6731: apply DNS name constraints to Subject CN when no SAN. * CVE-2026-7511: report the verifying cert as the PKCS#7 signer. Checksums-Sha1: 1ca9a0277e1f94d48b973df17b6a4b1190e07f8e 1381672 libwolfssl-dev_5.7.2-0.1+deb13u2_s390x.deb 2e226ea938da31815d4307eb561ff91edfc7c973 958148 libwolfssl42t64_5.7.2-0.1+deb13u2_s390x.deb 89a9fc4e6fac866ba70595628c5ce81d56f08ea3 6109 wolfssl_5.7.2-0.1+deb13u2_s390x-buildd.buildinfo Checksums-Sha256: 3fbfb34e9c6e9ae370c1b9cb1e1fce2512adcce012d1f727d861c3edceb3873b 1381672 libwolfssl-dev_5.7.2-0.1+deb13u2_s390x.deb b4d8f421bcffec860809eb8d916496c6aef918044ea85bfc6620d4af4600b916 958148 libwolfssl42t64_5.7.2-0.1+deb13u2_s390x.deb 1a603895eb020018015efdd684bffda0505cd8aa2014a2e83a7e3e6067f3b103 6109 wolfssl_5.7.2-0.1+deb13u2_s390x-buildd.buildinfo Files: 2ca220721b6e9a5ee6849c05c51b9a02 1381672 libdevel optional libwolfssl-dev_5.7.2-0.1+deb13u2_s390x.deb aaeecec631bf1d6cea465446b51a2641 958148 libs optional libwolfssl42t64_5.7.2-0.1+deb13u2_s390x.deb 4b70d43dcfe691c30608565e6e7c9f19 6109 libs optional wolfssl_5.7.2-0.1+deb13u2_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENly2ANlpa4eeqnluvVOPI7pYNpgFAmpZ/T8ACgkQvVOPI7pY NpicNhAAhfvR3kkJkbfXG3ho//r88xoabVhMr/Q0mkFDvdfBE13ZAKqc6vJpoCw8 tnycNKIgKXchPvr00eKq8IeaII8UD9V3hSrYinMLB5ebpOLLsYhhFTg6kF4LxtOX iSim1jqbME5ZBo41LgCobRNjgxumBdPQfqRa/N1hjsSet1bmhpXXTZWVKjauQ6/E P30G3rpX1+PMDn+al4X2p1Ti1qzj8vdVQYys4+U4EhJyGr4nbWHSea3BpDrIBCb8 RZ3z2OjFzDqRugiOJj9Zxbx05Qg6f853/OZ3pG31yDdSDQqNoy8VGz2i2mvWD4Mn 6biFDIIpcDUHQvjVImNRSKMF2aQDbJbU5Dj1vtz1ZEV29HnoOdB/9zAe7YhNhVpG SKS7F8AV5Cbg83wHOU5UaOyRRzzmpGXew/Bg8VKQg9Pe9xWmLtRB/5jMJ+vjyEfm VoTOEjgTZODerM2lPDIqP2MjejNjgv5XJmbX0CYKC+PWtwOaYqFTRWqIQ3rggxGB XFHeiRmh0myWUwprqle96yKC3uFihWYqwoOesbySqGZItt4f+ljSwTnN+yeXWMIQ 0bFC1kE2S2NbWcrGq3FMKJZjp5KeJZ83iziF+kcV4rYlC0Qx3cEgSrtXwL5qYR6M nIyNQc3BdAyEW8lWeQVq6tN2kgnoCuq98g16s7mIjsLkg8oneC4= =+dmA -----END PGP SIGNATURE-----