Debian Patches
Status for wolfssl/5.5.4-2+deb12u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| multi-arch.patch | Make header files multi-arch compatible Exclude architecture dependent option HAVE___UINT128 from config.h | Felix Lechner | no | debian | ||
| improve-clean-target.patch | Fix clean target for repeated builds | Felix Lechner <felix.lechner@lease-up.com> | no | 2017-12-18 | ||
| dfsg.patch | Strike references to removed non-DFSG sources from build files=================================================================== | Felix Lechner <felix.lechner@lease-up.com> | not-needed | |||
| fix-hurd-i386-flags.patch | Fix type definition for socklen_t on hurd-i386 Based on http://bugs.mysql.com/bug.php?id=22326 | Felix Lechner <felix.lechner@lease-up.com> | not-needed | 2017-04-22 | ||
| disable-crl-monitor.patch | Disable CRL monitor on all architectures CRL monitor is unavailable on Debian architecture kFreeBSD, causes FTBFS | Felix Lechner <felix.lechner@lease-up.com> | not-needed | debian | 2017-04-22 | |
| disable-jobserver.patch | Disable job server for autopkgtest. The Debian CI system kept showing regressions for using multiple make jobs: . FAIL stderr: make[2]: warning: -j3 forced in submake: resetting jobserver mode. . Perhaps this will disable the jobserver. |
Felix Lechner <felix.lechner@lease-up.com> | not-needed | |||
| cve-2023-3724.patch | add tls extension sanity check | Jacob Barthelmeh <jacob@wolfssl.com> | no | backport, 00f1eddee429ff51390b20caadd2eb6afe51e1aa | 2023-05-15 | |
| CVE-2025-7394.patch | Reseed DRBG in RAND_poll() | Josh Holtrop <josh@wolfssl.com> | no | 2025-06-05 | ||
| CVE-2026-6331.patch | CVE-2026-6331 - require exact HMAC tag length in EVP_DigestVerifyFinal A zero-length or truncated tag passed to wolfSSL_EVP_DigestVerifyFinal() was accepted, because the length check only rejected oversized tags and an XMEMCMP() of length zero returns a match. Require the supplied tag length to equal the MAC length exactly. =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/0749f20c33516897d8c5e2ab083b855e2d17d665 | 2026-06-29 |
| CVE-2026-6325.patch | CVE-2026-6325 - bound index in SetSuitesHashSigAlgo to prevent OOB write SetSuitesHashSigAlgo() parsed an application-supplied signature-algorithms list and wrote into the fixed-size suites->hashSigAlgo[WOLFSSL_MAX_SIGALGO] array without checking the running index, allowing an out-of-bounds write on an oversized list. Stop once the array would overflow. =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/f540bb3ddfef89db637809392522247ce3e8200c | 2026-06-29 |
| CVE-2026-6678.patch | CVE-2026-6678 - fix integer underflow in wc_PKCS7_DecryptOri =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/84fb0f694cfaac4187c0beba4298a4a8a7995235 | 2026-06-29 |
| CVE-2026-6329.patch | CVE-2026-6329 - reject PKCS#12 MAC length mismatch =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/9c304bdc099140ad2fdc41ef2f2602af9768c8a1 | 2026-06-29 |
| CVE-2026-6731.patch | CVE-2026-6731 - apply DNS name constraints to Subject CN when no SAN =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/e7b7fddacb4cc794e5dfc7693586d87a539f5aad | 2026-06-29 |
| CVE-2026-6094.patch | CVE-2026-6094 - bound encrypted content size in PKCS7 EnvelopedData =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/1397268aa12e2cf3f80c3acfa9b6036b809c08ef | 2026-06-29 |
| CVE-2026-6681.patch | CVE-2026-6681 - respect caller output buffer size in PKCS7 decode =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/1de4020fe4f3f911641ac0477227249d4dda2157 | 2026-06-29 |
| CVE-2026-6092.patch | CVE-2026-6092 - enforce Encrypt-then-MAC on TLS resumption path =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/af5369636a938faf4a79d1f550d3b206c51fafec | 2026-06-29 |
| CVE-2026-55962.patch | CVE-2026-55962 - require client cert on outstanding TLS1.3 post-handshake auth =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/f23544f09476d420becdfabd781eec0dd1a9c597 | 2026-06-29 |
| CVE-2026-55967.patch | CVE-2026-55967 - reject AES-GCM cumulative size overflow in streaming update =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/5def276e07e23b7b3b5842afbe526b4d3703ce13 | 2026-06-29 |
| CVE-2026-6450.patch | CVE-2026-6450 - reject CRLs with unrecognized critical extensions =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/857141da35b67a14a580fb26ec57af1efa68a1d9 | 2026-06-29 |
| CVE-2026-55961.patch | CVE-2026-55961 - reject degenerate certs-only PKCS#7 in wolfSSL_PKCS7_verify =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/d382439c7c63c07294cf4fcece0aa56a35399d15 | 2026-06-29 |
| CVE-2026-7511.patch | CVE-2026-7511 - report the verifying cert as the PKCS#7 signer =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/b7f6e77a95bfeda306b22dd34394e49c0a6c8a8c | 2026-06-29 |
| CVE-2026-5194.patch | CVE-2026-5194 - match cert signature OID to issuer key OID and enforce digest size limits =================================================================== |
wolfSSL | not-needed | debian | upstream, https://github.com/wolfSSL/wolfssl/commit/abce5be989ccd0665e2b9445abb856886975dfd1 | 2026-06-30 |
All known versions for source package 'wolfssl'
- 5.9.2-1 (sid)
- 5.7.2-0.1+deb13u1 (trixie)
- 5.5.4-2+deb12u3 (bookworm-security)
- 5.5.4-2+deb12u2 (bookworm)
