Details about package wolfssl
| Name: | wolfssl (PTS) |
|---|---|
| Uploader: | Jacob Barthelmeh <sirkilamole@msn.com> (Debian QA page) |
| Description: | libwolfssl35 - wolfSSL encryption library libwolfssl-dev - Development files for the wolfSSL encryption library |
Package uploads
Upload #1
Information
| Version: | 5.5.4-2+deb12u3 |
|---|---|
| Uploaded: | 2026-07-07 20:07 |
| Source package: | wolfssl_5.5.4-2+deb12u3.dsc |
| Distribution: | bookworm-security |
| Section: | libs |
| Priority: | optional |
| Homepage: | https://www.wolfssl.com/products/wolfssl/ |
Changelog
wolfssl (5.5.4-2+deb12u3) bookworm-security; urgency=high
.
* Backport upstream security fixes. (See #1140765, #1140815)
* CVE-2026-5194: enforce that a certificate signatureAlgorithm OID
matches the issuer key type, preventing acceptance of forged
ECDSA/EdDSA certificate signatures.
* CVE-2026-55961: reject degenerate (certs-only) PKCS#7 objects with
no verified signer in wolfSSL_PKCS7_verify().
* CVE-2026-55967: reject AES-GCM cumulative message sizes that would
overflow the 32-bit counters in the streaming update API.
* CVE-2026-55962: require a client Certificate/CertificateVerify when
a TLS 1.3 post-handshake CertificateRequest is outstanding.
* CVE-2026-7511: report the certificate that actually verified the
signature as the PKCS#7 signer.
* CVE-2026-6731: apply DNS name constraints to the Subject Common Name
when no subjectAltName is present.
* CVE-2026-6681: honour the caller-supplied output buffer size in the
PKCS#7 decode paths.
* CVE-2026-6678: fix an integer underflow in wc_PKCS7_DecryptOri when
handling crafted OtherRecipientInfo.
* CVE-2026-6450: reject CRLs containing unrecognized critical
extensions.
* CVE-2026-6329: reject PKCS#12 MAC length mismatches instead of
comparing an attacker-controlled length.
* CVE-2026-6325: bound the index in SetSuitesHashSigAlgo to prevent an
out-of-bounds write.
* CVE-2026-6094: bound the encrypted-content size in
wc_PKCS7_DecodeEnvelopedData to prevent a heap over-read.
* CVE-2026-6092: enforce Encrypt-then-MAC on the TLS resumption path.
* CVE-2026-6331: require an exact-length HMAC tag in
EVP_DigestVerifyFinal.
QA information
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
Local: 5.5.4 Upstream: 5.9.2 Url: https://github.com/wolfSSL/wolfssl/archive/refs/tags/v5.9.2-stable.tar.gz -
–
Package is not native
Format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian informational tagswolfssl source
-
I
out-of-date-standards-version
- 4.6.1 (released 2022-05-11) (current is 4.7.4)
-
I
patch-not-forwarded-upstream
- [debian/patches/improve-clean-target.patch]
- [debian/patches/multi-arch.patch]
-
P
co-maintained-package-with-no-vcs-fields
-
P
source-contains-autogenerated-visual-c++-file
- [IDE/WIN10/resource.h]
- [IDE/WIN10/wolfssl-fips.rc]
- [resource.h]
-
P
trailing-whitespace
- [debian/changelog:53]
- [debian/control:65]
-
X
prefer-uscan-symlink
- filenamemangle s/.+\/v?(\d\S+)-stable\.tar\.gz/wolfssl-$1\.tar\.gz/ [debian/watch:6]
-
X
update-debian-copyright
- 2022 vs 2026 [debian/copyright:126]
-
X
very-long-line-length-in-source-file
- 1005 > 512 [mqx/wolfssl_client/.cproject:333]
- 1006 > 512 [mqx/wolfcrypt_test/.cproject:332]
- 1011 > 512 [mqx/wolfcrypt_benchmark/.cproject:340]
- 1017 > 512 [IDE/MCUEXPRESSO/benchmark/.cproject:709]
- 1061 > 512 [IDE/IAR-MSP430/main.c:65]
- 1100 > 512 [scripts/sniffer-tls13-dh-resume.pcap:280]
- 1186 > 512 [IDE/XilinxSDK/2018_2/.cproject:88]
- 1224 > 512 [IDE/MCUEXPRESSO/wolfssl/.cproject:528]
- 1225 > 512 [IDE/MCUEXPRESSO/wolfcrypt_test/.cproject:765]
- 1266 > 512 [scripts/sniffer-tls13-ecc-resume.pcap:218]
- 1287 > 512 [wolfcrypt/src/fp_mul_comba_48.i:234]
- 1540 > 512 [IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg:959]
- 1549 > 512 [IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/smc.scfg:698]
- 1575 > 512 [IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test_HardwareDebug.launch:173]
- 1576 > 512 [IDE/Renesas/e2studio/RX65N/GR-ROSE/test/test_HardwareDebug.launch:134]
- 1747 > 512 [wolfcrypt/src/fp_mul_comba_64.i:298]
- 513 > 512 [IDE/Renesas/e2studio/RX65N/RSK/wolfssl/.cproject:21]
- 513 > 512 [IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl/.cproject:21]
- 531 > 512 [IDE/CSBENCH/.cproject:103]
- 531 > 512 [wolfcrypt/src/fp_mul_comba_20.i:121]
- 532 > 512 [IDE/HEXIWEAR/wolfSSL_HW/.cproject:27]
- 540 > 512 [IDE/Renesas/e2studio/RA6M3/wolfssl/.cproject:188]
- 540 > 512 [IDE/Renesas/e2studio/RA6M4/wolfssl/.cproject:185]
- 548 > 512 [IDE/LPCXPRESSO/README.md:16]
- 550 > 512 [IDE/Renesas/e2studio/Projects/test/.cproject:20]
- 550 > 512 [IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/.cproject:20]
- 580 > 512 [wolfcrypt/src/fp_sqr_comba_48.i:285]
- 639 > 512 [wolfcrypt/src/fp_mul_comba_24.i:138]
- 674 > 512 [doc/dox_comments/header_files-ja/wolfio.h:270]
- 691 > 512 [IDE/HEXAGON/README.md:4]
- 738 > 512 [IDE/Renesas/e2studio/RX65N/GR-ROSE/test/.cproject:21]
- 738 > 512 [IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject:21]
- 747 > 512 [wolfcrypt/src/fp_mul_comba_28.i:154]
- 760 > 512 [IDE/XilinxSDK/2022_1/wolfCrypt_FreeRTOS_example/.cproject:206]
- 760 > 512 [IDE/XilinxSDK/2022_1/wolfCrypt_example/.cproject:204]
- 772 > 512 [wolfcrypt/src/fp_sqr_comba_64.i:365]
- 780 > 512 [IDE/Espressif/ESP-IDF/test/test_wolfssl.c:627]
- 795 > 512 [doc/dox_comments/header_files-ja/ssl.h:1588]
- 797 > 512 [scripts/sniffer-tls13-dh.pcap:95]
- 823 > 512 [scripts/sniffer-tls13-ecc.pcap:91]
- 855 > 512 [wolfcrypt/src/fp_mul_comba_32.i:172]
- 869 > 512 [LPCExpresso.cproject:113]
- 893 > 512 [sslSniffer/README.md:491]
- 915 > 512 [certs/test-ber-exp02-05-2022.p7b:1]
- 923 > 512 [doc/dox_comments/header_files-ja/types.h:46]
- 9279 > 512 [doc/formats/html/html_changes/tabs.css:1]
- 936 > 512 [IDE/LPCXPRESSO/wolf_example/.cproject:138]
- 936 > 512 [mqx/wolfssl/.cproject:402]
- 937 > 512 [mqx/util_lib/.cproject:142]
- 939 > 512 [configure.ac:7063]
- 947 > 512 [ChangeLog.md:314]
-
I
out-of-date-standards-version
-
–
No VCS field present
-
–
Package is already in Debian
- The package uploader is currently maintaining wolfssl in Debian
- Last upload was on the 2026-07-04
-
–
d/copyright is in DEP5 format
Upstream Contact: David Garske <david@wolfssl.com> Licenses: BSD-3-clause, GPL-2+, Apache-2.0, GPL-3+-with-autoconf, FSFAP
Comments
No comments