Security update: Import 10 patches from upstream #15

Open
UTsweetyfish wants to merge 1 commit into deepin-community:master from UTsweetyfish:secadv-20260407

@UTsweetyfish
Contributor

  • dane_match_cert() should X509_free() on ->mcert instead
    Fixes: CVE-2026-28387
  • Fix NULL deref in [ec]dh_cms_set_shared_info
    Fixes: CVE-2026-28389
  • Test for DH/ECDH CMS KARI processing NULL pointer dereference
  • Fix NULL deref in rsa_cms_decrypt
    Fixes: CVE-2026-28390
  • Add test for CMS decryption with RSA keys
  • Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
    Fixes: CVE-2026-28388
  • Added test for CVE-2026-28388
  • Avoid possible buffer overflow in buf2hex conversion
    Fixes: CVE-2026-31789
  • rsa_kem: validate RSA_public_encrypt() result in RSASVE
    Fixes: CVE-2026-31790
  • rsa_kem: test RSA_public_encrypt() result in RSASVE

deepin-community/sig-deepin-security#310

@UTsweetyfish
Contributor Author

/integrate

@github-actions

TAG Bot

TAG: 3.2.4-0deepin7
EXISTED: no
DISTRIBUTION: unstable

@github-actions

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3808
PrNumber: 3808
PrBranch: auto-integration-24230536897

@deepin-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from utsweetyfish. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@UTsweetyfish
Contributor Author

/integrate

- dane_match_cert() should X509_free() on ->mcert instead
  Fixes: CVE-2026-28387
- Fix NULL deref in [ec]dh_cms_set_shared_info
  Fixes: CVE-2026-28389
- Test for DH/ECDH CMS KARI processing NULL pointer dereference
- Fix NULL deref in rsa_cms_decrypt
  Fixes: CVE-2026-28390
- Add test for CMS decryption with RSA keys
- Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
  Fixes: CVE-2026-28388
- Added test for CVE-2026-28388
- Avoid possible buffer overflow in buf2hex conversion
  Fixes: CVE-2026-31789
- rsa_kem: validate RSA_public_encrypt() result in RSASVE
  Fixes: CVE-2026-31790
- rsa_kem: test RSA_public_encrypt() result in RSASVE

deepin-community/sig-deepin-security#310

@UTsweetyfish
Contributor Author

/integrate

2 participants