[Deepin Integration]~[v25-Release] Security update: Import 10 patches from upstream by UTsweetyfish@deepin-community/openssl by deepin-community-ci-bot[bot]

[deepin-bot]

Package information | 软件包信息

包名	版本
openssl	3.2.4-0deepin7

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-3808/testing/ ./

Changelog | 更新信息

openssl (3.2.4-0deepin7) unstable; urgency=medium

• Security update: Import 10 patches from upstream
  • dane_match_cert() should X509_free() on ->mcert instead
    Fixes: CVE-2026-28387
  • Fix NULL deref in [ec]dh_cms_set_shared_info
    Fixes: CVE-2026-28389
  • Test for DH/ECDH CMS KARI processing NULL pointer dereference
  • Fix NULL deref in rsa_cms_decrypt
    Fixes: CVE-2026-28390
  • Add test for CMS decryption with RSA keys
  • Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
    Fixes: CVE-2026-28388
  • Added test for CVE-2026-28388
  • Avoid possible buffer overflow in buf2hex conversion
    Fixes: CVE-2026-31789
  • rsa_kem: validate RSA_public_encrypt() result in RSASVE
    Fixes: CVE-2026-31790
  • rsa_kem: test RSA_public_encrypt() result in RSASVE
    openssl: CVE-2026-31790, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789 deepin-community/sig-deepin-security#310
• Include debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch in
  debian/source/include-binaries

[deepin-bot]

Integration Test Info

Test suggestion | 测试建议

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

[deepin-bot]

IntegrationProjector Notify the author
@UTsweetyfish: Integrated issue updated

[deepin-bot]

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#3808