{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [
                "linux-image-6.17.0-12-generic",
                "linux-modules-6.17.0-12-generic"
            ],
            "removed": [
                "linux-image-6.17.0-8-generic",
                "linux-modules-6.17.0-8-generic"
            ],
            "diff": [
                "gir1.2-glib-2.0",
                "gpgv",
                "libglib2.0-0t64",
                "libpng16-16t64",
                "libpython3.13-minimal",
                "libpython3.13-stdlib",
                "libssl3t64",
                "libtasn1-6",
                "linux-image-virtual",
                "openssl",
                "openssl-provider-legacy",
                "python3-jaraco.context",
                "python3-urllib3",
                "python3.13",
                "python3.13-minimal",
                "snapd",
                "sudo-rs",
                "tzdata"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "gir1.2-glib-2.0",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.86.0-2ubuntu0.1",
                    "version": "2.86.0-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.86.0-2ubuntu0.2",
                    "version": "2.86.0-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-0988",
                        "url": "https://ubuntu.com/security/CVE-2026-0988",
                        "cve_description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-21 12:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-0988",
                                "url": "https://ubuntu.com/security/CVE-2026-0988",
                                "cve_description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-21 12:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Integer overflow in g_buffered_input_stream_peek()",
                            "    - debian/patches/CVE-2026-0988.patch: fix a potential integer overflow",
                            "      in peek() in gio/gbufferedinputstream.c,",
                            "      gio/tests/buffered-input-stream.c.",
                            "    - CVE-2026-0988",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.86.0-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 20 Jan 2026 08:06:16 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "gpgv",
                "from_version": {
                    "source_package_name": "gnupg2",
                    "source_package_version": "2.4.8-2ubuntu2",
                    "version": "2.4.8-2ubuntu2"
                },
                "to_version": {
                    "source_package_name": "gnupg2",
                    "source_package_version": "2.4.8-2ubuntu2.1",
                    "version": "2.4.8-2ubuntu2.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-68973",
                        "url": "https://ubuntu.com/security/CVE-2025-68973",
                        "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
                        "cve_priority": "high",
                        "cve_public_date": "2025-12-28 17:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-68973",
                                "url": "https://ubuntu.com/security/CVE-2025-68973",
                                "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
                                "cve_priority": "high",
                                "cve_public_date": "2025-12-28 17:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Remote Code Execution",
                            "    - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory",
                            "    corruption in the armor parser.",
                            "    - CVE-2025-68973",
                            ""
                        ],
                        "package": "gnupg2",
                        "version": "2.4.8-2ubuntu2.1",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Allen Huang <allen.huang@canonical.com>",
                        "date": "Mon, 05 Jan 2026 21:39:20 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libglib2.0-0t64",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.86.0-2ubuntu0.1",
                    "version": "2.86.0-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.86.0-2ubuntu0.2",
                    "version": "2.86.0-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-0988",
                        "url": "https://ubuntu.com/security/CVE-2026-0988",
                        "cve_description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-21 12:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-0988",
                                "url": "https://ubuntu.com/security/CVE-2026-0988",
                                "cve_description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-21 12:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Integer overflow in g_buffered_input_stream_peek()",
                            "    - debian/patches/CVE-2026-0988.patch: fix a potential integer overflow",
                            "      in peek() in gio/gbufferedinputstream.c,",
                            "      gio/tests/buffered-input-stream.c.",
                            "    - CVE-2026-0988",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.86.0-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 20 Jan 2026 08:06:16 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpng16-16t64",
                "from_version": {
                    "source_package_name": "libpng1.6",
                    "source_package_version": "1.6.50-1ubuntu0.1",
                    "version": "1.6.50-1ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "libpng1.6",
                    "source_package_version": "1.6.50-1ubuntu0.3",
                    "version": "1.6.50-1ubuntu0.3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-66293",
                        "url": "https://ubuntu.com/security/CVE-2025-66293",
                        "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-03 21:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-22695",
                        "url": "https://ubuntu.com/security/CVE-2026-22695",
                        "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-12 23:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-22801",
                        "url": "https://ubuntu.com/security/CVE-2026-22801",
                        "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-12 23:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-66293",
                                "url": "https://ubuntu.com/security/CVE-2025-66293",
                                "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-03 21:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-22695",
                                "url": "https://ubuntu.com/security/CVE-2026-22695",
                                "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-12 23:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-22801",
                                "url": "https://ubuntu.com/security/CVE-2026-22801",
                                "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-12 23:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: OOB in png_image_read_composite",
                            "    - debian/patches/CVE-2025-66293-1.patch: validate component size in",
                            "      pngread.c.",
                            "    - debian/patches/CVE-2025-66293-2.patch: improve fix in pngread.c.",
                            "    - CVE-2025-66293",
                            "  * SECURITY UPDATE: Heap buffer over-read in png_image_read_direct_scaled",
                            "    - debian/patches/CVE-2026-22695.patch: fix memcpy size in pngread.c.",
                            "    - CVE-2026-22695",
                            "  * SECURITY UPDATE: Integer truncation causing heap buffer over-read",
                            "    - debian/patches/CVE-2026-22801.patch: remove incorrect truncation",
                            "      casts in CMakeLists.txt, contrib/libtests/pngstest.c, pngwrite.c,",
                            "      tests/pngstest-large-stride.",
                            "    - CVE-2026-22801",
                            ""
                        ],
                        "package": "libpng1.6",
                        "version": "1.6.50-1ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 12 Jan 2026 13:10:10 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpython3.13-minimal",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.1",
                    "version": "3.13.7-1ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.2",
                    "version": "3.13.7-1ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-13836",
                        "url": "https://ubuntu.com/security/CVE-2025-13836",
                        "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-01 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-13836",
                                "url": "https://ubuntu.com/security/CVE-2025-13836",
                                "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-01 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP Content-Length denial of service",
                            "    - debian/patches/CVE-2025-13836.patch: Read large data in chunks with",
                            "      geometric reads in Lib/http/client.py and add tests in ",
                            "      Lib/test/test_httplib.py",
                            "    - CVE-2025-13836",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.7-1ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Vyom Yadav <vyom.yadav@canonical.com>",
                        "date": "Thu, 08 Jan 2026 17:45:45 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpython3.13-stdlib",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.1",
                    "version": "3.13.7-1ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.2",
                    "version": "3.13.7-1ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-13836",
                        "url": "https://ubuntu.com/security/CVE-2025-13836",
                        "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-01 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-13836",
                                "url": "https://ubuntu.com/security/CVE-2025-13836",
                                "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-01 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP Content-Length denial of service",
                            "    - debian/patches/CVE-2025-13836.patch: Read large data in chunks with",
                            "      geometric reads in Lib/http/client.py and add tests in ",
                            "      Lib/test/test_httplib.py",
                            "    - CVE-2025-13836",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.7-1ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Vyom Yadav <vyom.yadav@canonical.com>",
                        "date": "Thu, 08 Jan 2026 17:45:45 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libssl3t64",
                "from_version": {
                    "source_package_name": "openssl",
                    "source_package_version": "3.5.3-1ubuntu2",
                    "version": "3.5.3-1ubuntu2"
                },
                "to_version": {
                    "source_package_name": "openssl",
                    "source_package_version": "3.5.3-1ubuntu3",
                    "version": "3.5.3-1ubuntu3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-11187",
                        "url": "https://ubuntu.com/security/CVE-2025-11187",
                        "cve_description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.  Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.  When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.  Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.  The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.  OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15467",
                        "url": "https://ubuntu.com/security/CVE-2025-15467",
                        "cve_description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15468",
                        "url": "https://ubuntu.com/security/CVE-2025-15468",
                        "cve_description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.  Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.  Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.  As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.  The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15469",
                        "url": "https://ubuntu.com/security/CVE-2025-15469",
                        "cve_description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.  Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.  When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.  The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.  The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.  OpenSSL 3.5 and 3.6 are vulnerable to this issue.  OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-66199",
                        "url": "https://ubuntu.com/security/CVE-2025-66199",
                        "cve_description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.  Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).  In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.  This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.  Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-68160",
                        "url": "https://ubuntu.com/security/CVE-2025-68160",
                        "cve_description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69418",
                        "url": "https://ubuntu.com/security/CVE-2025-69418",
                        "cve_description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69419",
                        "url": "https://ubuntu.com/security/CVE-2025-69419",
                        "cve_description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69420",
                        "url": "https://ubuntu.com/security/CVE-2025-69420",
                        "cve_description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69421",
                        "url": "https://ubuntu.com/security/CVE-2025-69421",
                        "cve_description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-2279",
                        "url": "https://ubuntu.com/security/CVE-2026-2279",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2026-22795",
                        "url": "https://ubuntu.com/security/CVE-2026-22795",
                        "cve_description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-22796",
                        "url": "https://ubuntu.com/security/CVE-2026-22796",
                        "cve_description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-11187",
                                "url": "https://ubuntu.com/security/CVE-2025-11187",
                                "cve_description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.  Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.  When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.  Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.  The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.  OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15467",
                                "url": "https://ubuntu.com/security/CVE-2025-15467",
                                "cve_description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15468",
                                "url": "https://ubuntu.com/security/CVE-2025-15468",
                                "cve_description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.  Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.  Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.  As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.  The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15469",
                                "url": "https://ubuntu.com/security/CVE-2025-15469",
                                "cve_description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.  Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.  When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.  The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.  The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.  OpenSSL 3.5 and 3.6 are vulnerable to this issue.  OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-66199",
                                "url": "https://ubuntu.com/security/CVE-2025-66199",
                                "cve_description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.  Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).  In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.  This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.  Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-68160",
                                "url": "https://ubuntu.com/security/CVE-2025-68160",
                                "cve_description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69418",
                                "url": "https://ubuntu.com/security/CVE-2025-69418",
                                "cve_description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69419",
                                "url": "https://ubuntu.com/security/CVE-2025-69419",
                                "cve_description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69420",
                                "url": "https://ubuntu.com/security/CVE-2025-69420",
                                "cve_description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69421",
                                "url": "https://ubuntu.com/security/CVE-2025-69421",
                                "cve_description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-2279",
                                "url": "https://ubuntu.com/security/CVE-2026-2279",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2026-22795",
                                "url": "https://ubuntu.com/security/CVE-2026-22795",
                                "cve_description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-22796",
                                "url": "https://ubuntu.com/security/CVE-2026-22796",
                                "cve_description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper validation of PBMAC1 parameters in PKCS#12",
                            "    MAC verification",
                            "    - debian/patches/CVE-2025-11187.patch: validate salt and keylength in",
                            "      PBMAC1 in crypto/pkcs12/p12_mutl.c.",
                            "    - CVE-2025-11187",
                            "  * SECURITY UPDATE: Stack buffer overflow in CMS AuthEnvelopedData parsing",
                            "    - debian/patches/CVE-2025-15467-1.patch: correct handling of",
                            "      AEAD-encrypted CMS with inadmissibly long IV in crypto/evp/evp_lib.c.",
                            "    - debian/patches/CVE-2025-15467-2.patch: some comments to clarify",
                            "      functions usage in crypto/asn1/evp_asn1.c.",
                            "    - debian/patches/CVE-2025-15467-3.patch: test for handling of",
                            "      AEAD-encrypted CMS with inadmissibly long IV in test/cmsapitest.c,",
                            "      test/recipes/80-test_cmsapi.t,",
                            "      test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem.",
                            "    - CVE-2025-15467",
                            "  * SECURITY UPDATE: NULL dereference in SSL_CIPHER_find() function on",
                            "    unknown cipher ID",
                            "    - debian/patches/CVE-2025-15468.patch: add a NULL guard before",
                            "      dereferencing SSL_CIPHER in ssl/quic/quic_impl.c.",
                            "    - CVE-2025-15468",
                            "  * SECURITY UPDATE: \"openssl dgst\" one-shot codepath silently truncates",
                            "    inputs >16MB",
                            "    - debian/patches/CVE-2025-15469.patch: report truncation in oneshot",
                            "      \"openssl dgst -sign\" in apps/dgst.c, apps/include/apps.h,",
                            "      apps/lib/apps.c, apps/pkeyutl.c.",
                            "    - CVE-2025-15469",
                            "  * SECURITY UPDATE: TLS 1.3 CompressedCertificate excessive memory",
                            "    allocation",
                            "    - debian/patches/CVE-2025-66199.patch: check the received uncompressed",
                            "      certificate length in ssl/statem/statem_lib.c,",
                            "      test/recipes/70-test_tls13certcomp.t, util/perl/TLSProxy/Message.pm.",
                            "    - CVE-2025-66199",
                            "  * SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short",
                            "    writes",
                            "    - debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in",
                            "      BIO_f_linebuffer in crypto/bio/bf_lbuf.c.",
                            "    - CVE-2025-68160",
                            "  * SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with",
                            "    low-level OCB function calls",
                            "    - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path",
                            "      unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.",
                            "    - CVE-2025-69418",
                            "  * SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8",
                            "    conversion",
                            "    - debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc",
                            "      in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.",
                            "    - CVE-2025-69419",
                            "  * SECURITY UPDATE: Missing ASN1_TYPE validation in",
                            "    TS_RESP_verify_response() function",
                            "    - debian/patches/CVE-2025-69420.patch: verify ASN1 object's types",
                            "      before attempting to access them as a particular type in",
                            "      crypto/ts/ts_rsp_verify.c.",
                            "    - CVE-2025-69420",
                            "  * SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex",
                            "    - debian/patches/CVE-2025-69421.patch: add NULL check in",
                            "      crypto/pkcs12/p12_decr.c.",
                            "    - CVE-2025-69421",
                            "  * SECURITY UPDATE: ASN1_TYPE missing validation and type confusion",
                            "    - debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked",
                            "      before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,",
                            "      crypto/pkcs7/pk7_doit.c.",
                            "    - CVE-2026-22795",
                            "    - CVE-2026-22796",
                            ""
                        ],
                        "package": "openssl",
                        "version": "3.5.3-1ubuntu3",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 Jan 2026 07:29:59 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libtasn1-6",
                "from_version": {
                    "source_package_name": "libtasn1-6",
                    "source_package_version": "4.20.0-2build1",
                    "version": "4.20.0-2build1"
                },
                "to_version": {
                    "source_package_name": "libtasn1-6",
                    "source_package_version": "4.20.0-2ubuntu0.25.10.1",
                    "version": "4.20.0-2ubuntu0.25.10.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-13151",
                        "url": "https://ubuntu.com/security/CVE-2025-13151",
                        "cve_description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-07 22:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-13151",
                                "url": "https://ubuntu.com/security/CVE-2025-13151",
                                "cve_description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-07 22:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Stack-based buffer overflow",
                            "    - debian/patches/CVE-2025-13151.patch: fix asn1_expand_octet_string",
                            "      buffer size in lib/decoding.c.",
                            "    - CVE-2025-13151",
                            ""
                        ],
                        "package": "libtasn1-6",
                        "version": "4.20.0-2ubuntu0.25.10.1",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Thu, 08 Jan 2026 12:22:05 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "linux-image-virtual",
                "from_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "6.17.0-8.8",
                    "version": "6.17.0-8.8"
                },
                "to_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "6.17.0-12.12",
                    "version": "6.17.0-12.12"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Main version: 6.17.0-12.12",
                            ""
                        ],
                        "package": "linux-meta",
                        "version": "6.17.0-12.12",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [],
                        "author": "Manuel Diewald <manuel.diewald@canonical.com>",
                        "date": "Fri, 09 Jan 2026 18:10:27 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "openssl",
                "from_version": {
                    "source_package_name": "openssl",
                    "source_package_version": "3.5.3-1ubuntu2",
                    "version": "3.5.3-1ubuntu2"
                },
                "to_version": {
                    "source_package_name": "openssl",
                    "source_package_version": "3.5.3-1ubuntu3",
                    "version": "3.5.3-1ubuntu3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-11187",
                        "url": "https://ubuntu.com/security/CVE-2025-11187",
                        "cve_description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.  Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.  When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.  Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.  The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.  OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15467",
                        "url": "https://ubuntu.com/security/CVE-2025-15467",
                        "cve_description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15468",
                        "url": "https://ubuntu.com/security/CVE-2025-15468",
                        "cve_description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.  Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.  Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.  As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.  The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15469",
                        "url": "https://ubuntu.com/security/CVE-2025-15469",
                        "cve_description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.  Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.  When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.  The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.  The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.  OpenSSL 3.5 and 3.6 are vulnerable to this issue.  OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-66199",
                        "url": "https://ubuntu.com/security/CVE-2025-66199",
                        "cve_description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.  Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).  In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.  This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.  Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-68160",
                        "url": "https://ubuntu.com/security/CVE-2025-68160",
                        "cve_description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69418",
                        "url": "https://ubuntu.com/security/CVE-2025-69418",
                        "cve_description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69419",
                        "url": "https://ubuntu.com/security/CVE-2025-69419",
                        "cve_description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69420",
                        "url": "https://ubuntu.com/security/CVE-2025-69420",
                        "cve_description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69421",
                        "url": "https://ubuntu.com/security/CVE-2025-69421",
                        "cve_description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-2279",
                        "url": "https://ubuntu.com/security/CVE-2026-2279",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2026-22795",
                        "url": "https://ubuntu.com/security/CVE-2026-22795",
                        "cve_description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-22796",
                        "url": "https://ubuntu.com/security/CVE-2026-22796",
                        "cve_description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-11187",
                                "url": "https://ubuntu.com/security/CVE-2025-11187",
                                "cve_description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.  Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.  When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.  Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.  The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.  OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15467",
                                "url": "https://ubuntu.com/security/CVE-2025-15467",
                                "cve_description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15468",
                                "url": "https://ubuntu.com/security/CVE-2025-15468",
                                "cve_description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.  Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.  Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.  As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.  The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15469",
                                "url": "https://ubuntu.com/security/CVE-2025-15469",
                                "cve_description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.  Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.  When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.  The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.  The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.  OpenSSL 3.5 and 3.6 are vulnerable to this issue.  OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-66199",
                                "url": "https://ubuntu.com/security/CVE-2025-66199",
                                "cve_description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.  Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).  In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.  This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.  Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-68160",
                                "url": "https://ubuntu.com/security/CVE-2025-68160",
                                "cve_description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69418",
                                "url": "https://ubuntu.com/security/CVE-2025-69418",
                                "cve_description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69419",
                                "url": "https://ubuntu.com/security/CVE-2025-69419",
                                "cve_description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69420",
                                "url": "https://ubuntu.com/security/CVE-2025-69420",
                                "cve_description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69421",
                                "url": "https://ubuntu.com/security/CVE-2025-69421",
                                "cve_description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-2279",
                                "url": "https://ubuntu.com/security/CVE-2026-2279",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2026-22795",
                                "url": "https://ubuntu.com/security/CVE-2026-22795",
                                "cve_description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-22796",
                                "url": "https://ubuntu.com/security/CVE-2026-22796",
                                "cve_description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper validation of PBMAC1 parameters in PKCS#12",
                            "    MAC verification",
                            "    - debian/patches/CVE-2025-11187.patch: validate salt and keylength in",
                            "      PBMAC1 in crypto/pkcs12/p12_mutl.c.",
                            "    - CVE-2025-11187",
                            "  * SECURITY UPDATE: Stack buffer overflow in CMS AuthEnvelopedData parsing",
                            "    - debian/patches/CVE-2025-15467-1.patch: correct handling of",
                            "      AEAD-encrypted CMS with inadmissibly long IV in crypto/evp/evp_lib.c.",
                            "    - debian/patches/CVE-2025-15467-2.patch: some comments to clarify",
                            "      functions usage in crypto/asn1/evp_asn1.c.",
                            "    - debian/patches/CVE-2025-15467-3.patch: test for handling of",
                            "      AEAD-encrypted CMS with inadmissibly long IV in test/cmsapitest.c,",
                            "      test/recipes/80-test_cmsapi.t,",
                            "      test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem.",
                            "    - CVE-2025-15467",
                            "  * SECURITY UPDATE: NULL dereference in SSL_CIPHER_find() function on",
                            "    unknown cipher ID",
                            "    - debian/patches/CVE-2025-15468.patch: add a NULL guard before",
                            "      dereferencing SSL_CIPHER in ssl/quic/quic_impl.c.",
                            "    - CVE-2025-15468",
                            "  * SECURITY UPDATE: \"openssl dgst\" one-shot codepath silently truncates",
                            "    inputs >16MB",
                            "    - debian/patches/CVE-2025-15469.patch: report truncation in oneshot",
                            "      \"openssl dgst -sign\" in apps/dgst.c, apps/include/apps.h,",
                            "      apps/lib/apps.c, apps/pkeyutl.c.",
                            "    - CVE-2025-15469",
                            "  * SECURITY UPDATE: TLS 1.3 CompressedCertificate excessive memory",
                            "    allocation",
                            "    - debian/patches/CVE-2025-66199.patch: check the received uncompressed",
                            "      certificate length in ssl/statem/statem_lib.c,",
                            "      test/recipes/70-test_tls13certcomp.t, util/perl/TLSProxy/Message.pm.",
                            "    - CVE-2025-66199",
                            "  * SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short",
                            "    writes",
                            "    - debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in",
                            "      BIO_f_linebuffer in crypto/bio/bf_lbuf.c.",
                            "    - CVE-2025-68160",
                            "  * SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with",
                            "    low-level OCB function calls",
                            "    - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path",
                            "      unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.",
                            "    - CVE-2025-69418",
                            "  * SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8",
                            "    conversion",
                            "    - debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc",
                            "      in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.",
                            "    - CVE-2025-69419",
                            "  * SECURITY UPDATE: Missing ASN1_TYPE validation in",
                            "    TS_RESP_verify_response() function",
                            "    - debian/patches/CVE-2025-69420.patch: verify ASN1 object's types",
                            "      before attempting to access them as a particular type in",
                            "      crypto/ts/ts_rsp_verify.c.",
                            "    - CVE-2025-69420",
                            "  * SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex",
                            "    - debian/patches/CVE-2025-69421.patch: add NULL check in",
                            "      crypto/pkcs12/p12_decr.c.",
                            "    - CVE-2025-69421",
                            "  * SECURITY UPDATE: ASN1_TYPE missing validation and type confusion",
                            "    - debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked",
                            "      before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,",
                            "      crypto/pkcs7/pk7_doit.c.",
                            "    - CVE-2026-22795",
                            "    - CVE-2026-22796",
                            ""
                        ],
                        "package": "openssl",
                        "version": "3.5.3-1ubuntu3",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 Jan 2026 07:29:59 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "openssl-provider-legacy",
                "from_version": {
                    "source_package_name": "openssl",
                    "source_package_version": "3.5.3-1ubuntu2",
                    "version": "3.5.3-1ubuntu2"
                },
                "to_version": {
                    "source_package_name": "openssl",
                    "source_package_version": "3.5.3-1ubuntu3",
                    "version": "3.5.3-1ubuntu3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-11187",
                        "url": "https://ubuntu.com/security/CVE-2025-11187",
                        "cve_description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.  Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.  When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.  Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.  The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.  OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15467",
                        "url": "https://ubuntu.com/security/CVE-2025-15467",
                        "cve_description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15468",
                        "url": "https://ubuntu.com/security/CVE-2025-15468",
                        "cve_description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.  Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.  Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.  As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.  The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-15469",
                        "url": "https://ubuntu.com/security/CVE-2025-15469",
                        "cve_description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.  Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.  When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.  The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.  The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.  OpenSSL 3.5 and 3.6 are vulnerable to this issue.  OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-66199",
                        "url": "https://ubuntu.com/security/CVE-2025-66199",
                        "cve_description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.  Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).  In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.  This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.  Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-68160",
                        "url": "https://ubuntu.com/security/CVE-2025-68160",
                        "cve_description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69418",
                        "url": "https://ubuntu.com/security/CVE-2025-69418",
                        "cve_description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69419",
                        "url": "https://ubuntu.com/security/CVE-2025-69419",
                        "cve_description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69420",
                        "url": "https://ubuntu.com/security/CVE-2025-69420",
                        "cve_description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-69421",
                        "url": "https://ubuntu.com/security/CVE-2025-69421",
                        "cve_description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-2279",
                        "url": "https://ubuntu.com/security/CVE-2026-2279",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2026-22795",
                        "url": "https://ubuntu.com/security/CVE-2026-22795",
                        "cve_description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-22796",
                        "url": "https://ubuntu.com/security/CVE-2026-22796",
                        "cve_description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-01-27 16:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-11187",
                                "url": "https://ubuntu.com/security/CVE-2025-11187",
                                "cve_description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.  Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.  When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference.  Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity.  The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.  OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15467",
                                "url": "https://ubuntu.com/security/CVE-2025-15467",
                                "cve_description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.  Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.  When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.  Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.  OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15468",
                                "url": "https://ubuntu.com/security/CVE-2025-15468",
                                "cve_description": "Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.  Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.  Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported.  As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity.  The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-15469",
                                "url": "https://ubuntu.com/security/CVE-2025-15469",
                                "cve_description": "Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error.  Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated.  When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.  The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected.  The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary.  OpenSSL 3.5 and 3.6 are vulnerable to this issue.  OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-66199",
                                "url": "https://ubuntu.com/security/CVE-2025-66199",
                                "cve_description": "Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit.  Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service).  In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs.  This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks.  Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates.  The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.  OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-68160",
                                "url": "https://ubuntu.com/security/CVE-2025-68160",
                                "cve_description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.  Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.  The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69418",
                                "url": "https://ubuntu.com/security/CVE-2025-69418",
                                "cve_description": "Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69419",
                                "url": "https://ubuntu.com/security/CVE-2025-69419",
                                "cve_description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer.  Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service.  The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer.  The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69420",
                                "url": "https://ubuntu.com/security/CVE-2025-69420",
                                "cve_description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file.  Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-69421",
                                "url": "https://ubuntu.com/security/CVE-2025-69421",
                                "cve_description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function.  Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files.  The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure.  Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy.  The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-2279",
                                "url": "https://ubuntu.com/security/CVE-2026-2279",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2026-22795",
                                "url": "https://ubuntu.com/security/CVE-2026-22795",
                                "cve_description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file.  Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service.  A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read.  The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.  OpenSSL 1.0.2 is not affected by this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-22796",
                                "url": "https://ubuntu.com/security/CVE-2026-22796",
                                "cve_description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data.  Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service.  The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash.  Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity.  The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary.  OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-01-27 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper validation of PBMAC1 parameters in PKCS#12",
                            "    MAC verification",
                            "    - debian/patches/CVE-2025-11187.patch: validate salt and keylength in",
                            "      PBMAC1 in crypto/pkcs12/p12_mutl.c.",
                            "    - CVE-2025-11187",
                            "  * SECURITY UPDATE: Stack buffer overflow in CMS AuthEnvelopedData parsing",
                            "    - debian/patches/CVE-2025-15467-1.patch: correct handling of",
                            "      AEAD-encrypted CMS with inadmissibly long IV in crypto/evp/evp_lib.c.",
                            "    - debian/patches/CVE-2025-15467-2.patch: some comments to clarify",
                            "      functions usage in crypto/asn1/evp_asn1.c.",
                            "    - debian/patches/CVE-2025-15467-3.patch: test for handling of",
                            "      AEAD-encrypted CMS with inadmissibly long IV in test/cmsapitest.c,",
                            "      test/recipes/80-test_cmsapi.t,",
                            "      test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem.",
                            "    - CVE-2025-15467",
                            "  * SECURITY UPDATE: NULL dereference in SSL_CIPHER_find() function on",
                            "    unknown cipher ID",
                            "    - debian/patches/CVE-2025-15468.patch: add a NULL guard before",
                            "      dereferencing SSL_CIPHER in ssl/quic/quic_impl.c.",
                            "    - CVE-2025-15468",
                            "  * SECURITY UPDATE: \"openssl dgst\" one-shot codepath silently truncates",
                            "    inputs >16MB",
                            "    - debian/patches/CVE-2025-15469.patch: report truncation in oneshot",
                            "      \"openssl dgst -sign\" in apps/dgst.c, apps/include/apps.h,",
                            "      apps/lib/apps.c, apps/pkeyutl.c.",
                            "    - CVE-2025-15469",
                            "  * SECURITY UPDATE: TLS 1.3 CompressedCertificate excessive memory",
                            "    allocation",
                            "    - debian/patches/CVE-2025-66199.patch: check the received uncompressed",
                            "      certificate length in ssl/statem/statem_lib.c,",
                            "      test/recipes/70-test_tls13certcomp.t, util/perl/TLSProxy/Message.pm.",
                            "    - CVE-2025-66199",
                            "  * SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short",
                            "    writes",
                            "    - debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in",
                            "      BIO_f_linebuffer in crypto/bio/bf_lbuf.c.",
                            "    - CVE-2025-68160",
                            "  * SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with",
                            "    low-level OCB function calls",
                            "    - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path",
                            "      unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.",
                            "    - CVE-2025-69418",
                            "  * SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8",
                            "    conversion",
                            "    - debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc",
                            "      in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.",
                            "    - CVE-2025-69419",
                            "  * SECURITY UPDATE: Missing ASN1_TYPE validation in",
                            "    TS_RESP_verify_response() function",
                            "    - debian/patches/CVE-2025-69420.patch: verify ASN1 object's types",
                            "      before attempting to access them as a particular type in",
                            "      crypto/ts/ts_rsp_verify.c.",
                            "    - CVE-2025-69420",
                            "  * SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex",
                            "    - debian/patches/CVE-2025-69421.patch: add NULL check in",
                            "      crypto/pkcs12/p12_decr.c.",
                            "    - CVE-2025-69421",
                            "  * SECURITY UPDATE: ASN1_TYPE missing validation and type confusion",
                            "    - debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked",
                            "      before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,",
                            "      crypto/pkcs7/pk7_doit.c.",
                            "    - CVE-2026-22795",
                            "    - CVE-2026-22796",
                            ""
                        ],
                        "package": "openssl",
                        "version": "3.5.3-1ubuntu3",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 Jan 2026 07:29:59 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-jaraco.context",
                "from_version": {
                    "source_package_name": "jaraco.context",
                    "source_package_version": "6.0.1-1",
                    "version": "6.0.1-1"
                },
                "to_version": {
                    "source_package_name": "jaraco.context",
                    "source_package_version": "6.0.1-1ubuntu0.1",
                    "version": "6.0.1-1ubuntu0.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-23949",
                        "url": "https://ubuntu.com/security/CVE-2026-23949",
                        "cve_description": "jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-20 01:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-23949",
                                "url": "https://ubuntu.com/security/CVE-2026-23949",
                                "cve_description": "jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-20 01:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Zip slip path traversal vulnerability",
                            "    - debian/patches/CVE-2026-23949-*.patch: ensure that the default filter",
                            "      honors the data filter to avoid path traversal vulnerabilities in",
                            "      jaraco/context/__init__.py, tests/test_safety.py",
                            "    - CVE-2026-23949",
                            ""
                        ],
                        "package": "jaraco.context",
                        "version": "6.0.1-1ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Wed, 21 Jan 2026 10:39:31 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-urllib3",
                "from_version": {
                    "source_package_name": "python-urllib3",
                    "source_package_version": "2.3.0-3ubuntu0.1",
                    "version": "2.3.0-3ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "python-urllib3",
                    "source_package_version": "2.3.0-3ubuntu0.4",
                    "version": "2.3.0-3ubuntu0.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-66471",
                        "url": "https://ubuntu.com/security/CVE-2025-66471",
                        "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-05 17:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-66471",
                        "url": "https://ubuntu.com/security/CVE-2025-66471",
                        "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-05 17:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-21441",
                        "url": "https://ubuntu.com/security/CVE-2026-21441",
                        "cve_description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-01-07 22:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2136906,
                    2136906
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-66471",
                                "url": "https://ubuntu.com/security/CVE-2025-66471",
                                "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-05 17:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: Zstandard missing attribute after CVE-2025-66471 fix.",
                            "    (LP: #2136906)",
                            "    - debian/patches/CVE-2025-66471-fix2.patch: Fall back if \"needs_input\" is",
                            "      not a zstd object attribute in src/urllib3/response.py.",
                            ""
                        ],
                        "package": "python-urllib3",
                        "version": "2.3.0-3ubuntu0.4",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [
                            2136906
                        ],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Tue, 13 Jan 2026 09:29:02 -0330"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-66471",
                                "url": "https://ubuntu.com/security/CVE-2025-66471",
                                "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-05 17:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: Zstd issues after CVE-2025-66471 fix. (LP: #2136906)",
                            "    - debian/patches/CVE-2025-66471-fix1.patch: Revert zstd fix due to not",
                            "      being compatible with zstandard.",
                            ""
                        ],
                        "package": "python-urllib3",
                        "version": "2.3.0-3ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [
                            2136906
                        ],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Mon, 12 Jan 2026 15:50:53 -0330"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-21441",
                                "url": "https://ubuntu.com/security/CVE-2026-21441",
                                "cve_description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-01-07 22:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Decompression bomb in HTTP redirect responses.",
                            "    - debian/patches/CVE-2026-21441.patch: Add decode_content to self.read()",
                            "      in src/urllib3/response.py. Add tests in",
                            "      test/with_dummyserver/test_connectionpool.py and dummyserver/app.py.",
                            "    - CVE-2026-21441",
                            ""
                        ],
                        "package": "python-urllib3",
                        "version": "2.3.0-3ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 08 Jan 2026 14:32:03 -0330"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3.13",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.1",
                    "version": "3.13.7-1ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.2",
                    "version": "3.13.7-1ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-13836",
                        "url": "https://ubuntu.com/security/CVE-2025-13836",
                        "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-01 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-13836",
                                "url": "https://ubuntu.com/security/CVE-2025-13836",
                                "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-01 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP Content-Length denial of service",
                            "    - debian/patches/CVE-2025-13836.patch: Read large data in chunks with",
                            "      geometric reads in Lib/http/client.py and add tests in ",
                            "      Lib/test/test_httplib.py",
                            "    - CVE-2025-13836",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.7-1ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Vyom Yadav <vyom.yadav@canonical.com>",
                        "date": "Thu, 08 Jan 2026 17:45:45 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3.13-minimal",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.1",
                    "version": "3.13.7-1ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.7-1ubuntu0.2",
                    "version": "3.13.7-1ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-13836",
                        "url": "https://ubuntu.com/security/CVE-2025-13836",
                        "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-12-01 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-13836",
                                "url": "https://ubuntu.com/security/CVE-2025-13836",
                                "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-12-01 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP Content-Length denial of service",
                            "    - debian/patches/CVE-2025-13836.patch: Read large data in chunks with",
                            "      geometric reads in Lib/http/client.py and add tests in ",
                            "      Lib/test/test_httplib.py",
                            "    - CVE-2025-13836",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.7-1ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "questing-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Vyom Yadav <vyom.yadav@canonical.com>",
                        "date": "Thu, 08 Jan 2026 17:45:45 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "snapd",
                "from_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.72+ubuntu25.10.2",
                    "version": "2.72+ubuntu25.10.2"
                },
                "to_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.73+ubuntu25.10",
                    "version": "2.73+ubuntu25.10"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2132084,
                    2127189,
                    1851490,
                    2121853,
                    2127214,
                    2127244,
                    2127766,
                    2118396,
                    2114923,
                    2112551,
                    2114779,
                    2112544,
                    2112332,
                    1952500,
                    1849346,
                    2098780,
                    2033883
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2132084",
                            "    - FDE: do not save incomplete FDE state when resealing was skipped",
                            "    - FDE: warn of inconsistent primary or policy counter",
                            "    - Confdb: document confdb in snapctl help messages",
                            "    - Confdb: only confdb hooks wait if snaps are disabled",
                            "    - Confdb: relax confdb change conflict checks",
                            "    - Confdb: remove empty parent when removing last leaf",
                            "    - Confdb: support parsing field filters",
                            "    - Confdb: wrap confdb write values under \"values\" key",
                            "    - dm-verity for essential snaps: add new naming convention for",
                            "      verity files",
                            "    - dm-verity for essential snaps: add snap integrity discovery",
                            "    - dm-verity for essential snaps: fix verity salt calculation",
                            "    - Assertions: add hardware identity assertion",
                            "    - Assertions: add integrity stanza in snap resources revisions",
                            "    - Assertions: add request message assertion required for remote",
                            "      device management",
                            "    - Assertions: add response-message assertion for secure remote",
                            "      device management",
                            "    - Assertions: expose WithStackedBackstore in RODatabase",
                            "    - Packaging: cross-distro | install upstream NEWS file into relevant",
                            "      snapd package doc directory",
                            "    - Packaging: cross-distro | tweak how the blocks injecting",
                            "      $SNAP_MOUNT_DIR/bin are generated as required for openSUSE",
                            "    - Packaging: remove deprecated snap-gdb-shim and all references now",
                            "      that snap run --gdb is unsupported and replaced by --gdbserver",
                            "    - Preseed: call systemd-tmpfiles instead handle-writable-paths on",
                            "      uc26",
                            "    - Preseed: do not remove the /snap dir but rather all its contents",
                            "      during reset",
                            "    - snap-confine: attach name derived from security tag to BPF maps",
                            "      and programs",
                            "    - snap-confine: ensure permitted capabilities match expectation",
                            "    - snap-confine: fix cached snap-confine profile cleanup to report",
                            "      the correct error instead of masking backend setup failures",
                            "    - snap-confine: Improve validation of user controlled paths",
                            "    - snap-confine: tighten snap cgroup checks to ensure a snap cannot",
                            "      start another snap in the same cgroup, preventing incorrect",
                            "      device-filter installation",
                            "    - core-initrd: add 26.04 ubuntu-core-initramfs package",
                            "    - core-initrd: add missing order dependency for setting default",
                            "      system files",
                            "    - core-initrd: avoid scanning loop and mmc boot partitions as the",
                            "      boot disk won't be any of these",
                            "    - core-initrd: make cpio a Depends and remove from Build-Depends",
                            "    - core-initrd: start plymouth sooner and reload when gadget is",
                            "      available",
                            "    - Cross-distro: modify syscheck to account for differences in",
                            "      openSUSE 16.0+",
                            "    - Validation sets: use in-flight validation sets when calling",
                            "      'snapctl install' from hook",
                            "    - Prompting: enable prompting for the camera interface",
                            "    - Prompting: remove polkit authentication when modifying/deleting",
                            "      prompting rules",
                            "    - LP: #2127189 Prompting: do not record notices for unchanged rules",
                            "      on snapd startup",
                            "    - AppArmor: add free and pidof to the template",
                            "    - AppArmor: adjust interfaces/profiles to cope with coreutils paths",
                            "    - Interfaces: add support for compatibility expressions",
                            "    - Interfaces: checkbox-support | complete overhaul",
                            "    - Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-",
                            "      driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-",
                            "      driver-libs",
                            "    - Interfaces: allow snaps on classic access to nvidia graphics",
                            "      libraries exported by *-driver-libs interfaces",
                            "    - Interfaces: fwupd | broaden access to /boot/efi/EFI",
                            "    - Interfaces: gsettings | set dconf-service as profile for",
                            "      ca.desrt.dconf.Writer",
                            "    - Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new",
                            "      interfaces",
                            "    - Interfaces: opengl | grant read/write permission to /run/nvidia-",
                            "      persistenced/socket",
                            "    - interfaces: ros-snapd-support | add access to /v2/changes/",
                            "    - Interfaces: system-observe | read access to btrfs/ext4/zfs",
                            "      filesystem information",
                            "    - Interfaces: system-trace | allow /sys/kernel/tracing/** rw",
                            "    - Interfaces: usb-gadget | add support for ffs mounts in attributes",
                            "    - Add autocompletion to run command",
                            "    - Introduce option for disallowing auto-connection of a specific",
                            "      interface",
                            "    - Only log errors for user service operations performed as a part of",
                            "      snap removal",
                            "    - Patch snap names in service requests for parallel installed snaps",
                            "    - Simplify traits for eMMC special partitions",
                            "    - Strip apparmor_parser from debug symbols shrinking snapd size by",
                            "      ~3MB",
                            "    - Fix InstallPathMany skipping refresh control",
                            "    - Fix waiting for GDB helper to stop before attaching gdbserver",
                            "    - Protect the per-snap tmp directory against being reaped by age",
                            "    - Prevent disabling base snaps to ensure dependent snaps can be",
                            "      removed",
                            "    - Modify API endpoint /v2/logs to reject n <= 0 (except for special",
                            "      case -1 meaning all)",
                            "    - Avoid potential deadlock when task is injected after the change",
                            "      was aborted",
                            "    - Avoid race between store download stream and cache cleanup",
                            "      executing in parallel when invoked by snap download task",
                            "    - LP: #1851490 Use \"current\" instead of revision number for icons",
                            "    - LP: #2121853 Add snapctl version command",
                            "    - LP: #2127214 Ensure no more than one partition on disk can match a",
                            "      gadget partition",
                            "    - LP: #2127244 snap-confine: update AppArmor profile to allow",
                            "      read/write to journal as workaround for snap-confine fd",
                            "      inheritance prevented by newer AppArmor",
                            "    - LP: #2127766 Add new tracing mechanism with independently running",
                            "      strace and shim synchronization",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.73+ubuntu25.10",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2132084,
                            2127189,
                            1851490,
                            2121853,
                            2127214,
                            2127244,
                            2127766
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Fri, 21 Nov 2025 09:08:02 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2118396",
                            "    - FDE: auto-repair when recovery key is used",
                            "    - FDE: revoke keys on shim update",
                            "    - FDE: revoke old TPM keys when dbx has been updated",
                            "    - FDE: do not reseal FDE hook keys every time",
                            "    - FDE: store keys in the kernel keyring when installing from initrd",
                            "    - FDE: allow disabled DMA on Core",
                            "    - FDE: snap-bootstrap: do not check for partition in scan-disk on",
                            "      CVM",
                            "    - FDE: support secboot preinstall check for 25.10+ hybrid installs",
                            "      via the /v2/system/{label} endpoint",
                            "    - FDE: support generating recovery key at install time via the",
                            "      /v2/systems/{label} endpoint",
                            "    - FDE: update passphrase quality check at install time via the",
                            "      /v2/systems/{label} endpoint",
                            "    - FDE: support replacing recovery key at runtime via the new",
                            "      /v2/system-volumes endpoint",
                            "    - FDE: support checking recovery keys at runtime via the /v2/system-",
                            "      volumes endpoint",
                            "    - FDE: support enumerating keyslots at runtime via the /v2/system-",
                            "      volumes endpoint",
                            "    - FDE: support changing passphrase at runtime via the /v2/system-",
                            "      volumes endpoint",
                            "    - FDE: support passphrase quality check at runtime via the",
                            "      /v2/system-volumes endpoint",
                            "    - FDE: update secboot to revision 3e181c8edf0f",
                            "    - Confdb: support lists and indexed paths on read and write",
                            "    - Confdb: alias references must be wrapped in brackets",
                            "    - Confdb: support indexed paths in confdb-schema assertion",
                            "    - Confdb: make API errors consistent with options",
                            "    - Confdb: fetch confdb-schema assertion on access",
                            "    - Confdb: prevent --previous from being used in read-side hooks",
                            "    - Components: fix snap command with multiple components",
                            "    - Components: set revision of seed components to x1",
                            "    - Components: unmount extra kernel-modules components mounts",
                            "    - AppArmor Prompting: add lifespan \"session\" for prompting rules",
                            "    - AppArmor Prompting: support restoring prompts after snapd restart",
                            "    - AppArmor Prompting: limit the extra information included in probed",
                            "      AppArmor features and system key",
                            "    - Notices: refactor notice state internals",
                            "    - SELinux: look for restorecon/matchpathcon at all known locations",
                            "      rather than current PATH",
                            "    - SELinux: update policy to allow watching cgroups (for RAA), and",
                            "      talking to user session agents (service mgmt/refresh)",
                            "    - Refresh App Awareness: Fix unexpected inotify file descriptor",
                            "      cleanup",
                            "    - snap-confine: workaround for glibc fchmodat() fallback and handle",
                            "      ENOSYS",
                            "    - snap-confine: add support for host policy for limiting users able",
                            "      to run snaps",
                            "    - LP: #2114923 Reject system key mismatch advise when not yet seeded",
                            "    - Use separate lanes for essential and non-essential snaps during",
                            "      seeding and allow non-essential installs to retry",
                            "    - Fix bug preventing remodel from core18 to core18 when snapd snap",
                            "      is unchanged",
                            "    - LP: #2112551 Make removal of last active revision of a snap equal",
                            "      to snap remove",
                            "    - LP: #2114779 Allow non-gpt in fallback mode to support RPi",
                            "    - Switch from using systemd LogNamespace to manually controlled",
                            "      journal quotas",
                            "    - Change snap command trace logging to only log the command names",
                            "    - Grant desktop-launch access to /v2/snaps",
                            "    - Update code for creating the snap journal stream",
                            "    - Switch from using core to snapd snap for snap debug connectivity",
                            "    - LP: #2112544 Fix offline remodel case where we switched to a",
                            "      channel without an actual refresh",
                            "    - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed",
                            "      tarball",
                            "    - LP: #1952500 Fix snap command progress reporting",
                            "    - LP: #1849346 Interfaces: kerberos-tickets |  add new interface",
                            "    - Interfaces: u2f | add support for Thetis Pro",
                            "    - Interfaces: u2f | add OneSpan device and fix older device",
                            "    - Interfaces: pipewire, audio-playback | support pipewire as system",
                            "      daemon",
                            "    - Interfaces: gpg-keys | allow access to GPG agent sockets",
                            "    - Interfaces: usb-gadget | add new interface",
                            "    - Interfaces: snap-fde-control, firmware-updater-support | add new",
                            "      interfaces to support FDE",
                            "    - Interfaces: timezone-control | extend to support timedatectl",
                            "      varlink",
                            "    - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and",
                            "      procfs directories",
                            "    - Interfaces: microstack-support | allow SR-IOV attachments",
                            "    - Interfaces: modify AppArmor template to allow snaps to read their",
                            "      own systemd credentials",
                            "    - Interfaces: posix-mq | allow stat on /dev/mqueue",
                            "    - LP: #2098780 Interfaces: log-observe | add capability",
                            "      dac_read_search",
                            "    - Interfaces: block-devices | allow access to ZFS pools and datasets",
                            "    - LP: #2033883 Interfaces: block-devices | opt-in access to",
                            "      individual partitions",
                            "    - Interfaces: accel | add new interface to support accel kernel",
                            "      subsystem",
                            "    - Interfaces: shutdown | allow client to bind on its side of dbus",
                            "      socket",
                            "    - Interfaces: modify seccomp template to allow pwritev2",
                            "    - Interfaces: modify AppArmor template to allow reading",
                            "      /proc/sys/fs/nr_open",
                            "    - Packaging: drop snap.failure service for openSUSE",
                            "    - Packaging: add SELinux support for openSUSE",
                            "    - Packaging: disable optee when using nooptee build tag",
                            "    - Packaging: add support for static PIE builds in snapd.mk, drop",
                            "      pie.patch from openSUSE",
                            "    - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04",
                            "    - Packaging: use snapd.mk for packaging on Fedora",
                            "    - Packaging: exclude .git directory",
                            "    - Packaging: fix DPKG_PARSECHANGELOG assignment",
                            "    - Packaging: fix building on Fedora with dpkg installed",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.71",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2118396,
                            2114923,
                            2112551,
                            2114779,
                            2112544,
                            2112332,
                            1952500,
                            1849346,
                            2098780,
                            2033883
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Fri, 25 Jul 2025 13:18:47 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "sudo-rs",
                "from_version": {
                    "source_package_name": "rust-sudo-rs",
                    "source_package_version": "0.2.8-1ubuntu5.2",
                    "version": "0.2.8-1ubuntu5.2"
                },
                "to_version": {
                    "source_package_name": "rust-sudo-rs",
                    "source_package_version": "0.2.8-1ubuntu5.3",
                    "version": "0.2.8-1ubuntu5.3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2130973
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix crash on script with no execute permissions (LP: #2130973)",
                            "    - d/p/post_028/lp-2130973-fix-script-crash-without-exec-permissions.patch",
                            ""
                        ],
                        "package": "rust-sudo-rs",
                        "version": "0.2.8-1ubuntu5.3",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2130973
                        ],
                        "author": "Ghadi Elie Rahme <ghadi.rahme@canonical.com>",
                        "date": "Fri, 09 Jan 2026 16:15:32 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "tzdata",
                "from_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-3ubuntu1",
                    "version": "2025b-3ubuntu1"
                },
                "to_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-3ubuntu1.1",
                    "version": "2025b-3ubuntu1.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2130471
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * fix error on the 31st day of month with rust-coreutils (LP: #2130471)",
                            ""
                        ],
                        "package": "tzdata",
                        "version": "2025b-3ubuntu1.1",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2130471
                        ],
                        "author": "Simon Poirier <simon.poirier@canonical.com>",
                        "date": "Tue, 13 Jan 2026 12:09:34 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [
            {
                "name": "linux-image-6.17.0-12-generic",
                "from_version": {
                    "source_package_name": "linux-signed",
                    "source_package_version": "6.17.0-8.8",
                    "version": null
                },
                "to_version": {
                    "source_package_name": "linux-signed",
                    "source_package_version": "6.17.0-12.12",
                    "version": "6.17.0-12.12"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1786013,
                    2131521
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Main version: 6.17.0-12.12",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] debian/tracking-bug -- resync from main package",
                            "",
                            "  * Invalid symbolic link vmlinux -> stubble.efi-6.17.0-5-generic (LP: #2131521)",
                            "    - [Packaging] ensure we use the install prefix for stubble kernels",
                            ""
                        ],
                        "package": "linux-signed",
                        "version": "6.17.0-12.12",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            1786013,
                            2131521
                        ],
                        "author": "Manuel Diewald <manuel.diewald@canonical.com>",
                        "date": "Fri, 09 Jan 2026 18:10:36 +0100"
                    }
                ],
                "notes": "linux-image-6.17.0-12-generic version '6.17.0-12.12' (source package linux-signed version '6.17.0-12.12') was added. linux-image-6.17.0-12-generic version '6.17.0-12.12' has the same source package name, linux-signed, as removed package linux-image-6.17.0-8-generic. As such we can use the source package version of the removed package, '6.17.0-8.8', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
                "is_version_downgrade": false
            },
            {
                "name": "linux-modules-6.17.0-12-generic",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "6.17.0-8.8",
                    "version": null
                },
                "to_version": {
                    "source_package_name": "linux",
                    "source_package_version": "6.17.0-12.12",
                    "version": "6.17.0-12.12"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-40019",
                        "url": "https://ubuntu.com/security/CVE-2025-40019",
                        "cve_description": "In the Linux kernel, the following vulnerability has been resolved:  crypto: essiv - Check ssize for decryption and in-place encryption  Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-10-24 12:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-40214",
                        "url": "https://ubuntu.com/security/CVE-2025-40214",
                        "cve_description": "In the Linux kernel, the following vulnerability has been resolved:  af_unix: Initialise scc_index in unix_add_edge().  Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro.  The repro consists of three stages.    1)     1-a. Create a single cyclic reference with many sockets     1-b. close() all sockets     1-c. Trigger GC    2)     2-a. Pass sk-A to an embryo sk-B     2-b. Pass sk-X to sk-X     2-c. Trigger GC    3)     3-a. accept() the embryo sk-B     3-b. Pass sk-B to sk-C     3-c. close() the in-flight sk-A     3-d. Trigger GC  As of 2-c, sk-A and sk-X are linked to unix_unvisited_vertices, and unix_walk_scc() groups them into two different SCCs:    unix_sk(sk-A)->vertex->scc_index = 2 (UNIX_VERTEX_INDEX_START)   unix_sk(sk-X)->vertex->scc_index = 3  Once GC completes, unix_graph_grouped is set to true. Also, unix_graph_maybe_cyclic is set to true due to sk-X's cyclic self-reference, which makes close() trigger GC.  At 3-b, unix_add_edge() allocates unix_sk(sk-B)->vertex and links it to unix_unvisited_vertices.  unix_update_graph() is called at 3-a. and 3-b., but neither unix_graph_grouped nor unix_graph_maybe_cyclic is changed because both sk-B's listener and sk-C are not in-flight.  3-c decrements sk-A's file refcnt to 1.  Since unix_graph_grouped is true at 3-d, unix_walk_scc_fast() is finally called and iterates 3 sockets sk-A, sk-B, and sk-X:    sk-A -> sk-B (-> sk-C)   sk-X -> sk-X  This is totally fine.  All of them are not yet close()d and should be grouped into different SCCs.  However, unix_vertex_dead() misjudges that sk-A and sk-B are in the same SCC and sk-A is dead.    unix_sk(sk-A)->scc_index == unix_sk(sk-B)->scc_index <-- Wrong!   &&   sk-A's file refcnt == unix_sk(sk-A)->vertex->out_degree                                        ^-- 1 in-flight count for sk-B   -> sk-A is dead !?  The problem is that unix_add_edge() does not initialise scc_index.  Stage 1) is used for heap spraying, making a newly allocated vertex have vertex->scc_index == 2 (UNIX_VERTEX_INDEX_START) set by unix_walk_scc() at 1-c.  Let's track the max SCC index from the previous unix_walk_scc() call and assign the max + 1 to a new vertex's scc_index.  This way, we can continue to avoid Tarjan's algorithm while preventing misjudgments.",
                        "cve_priority": "high",
                        "cve_public_date": "2025-12-04 13:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2138115
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-40019",
                                "url": "https://ubuntu.com/security/CVE-2025-40019",
                                "cve_description": "In the Linux kernel, the following vulnerability has been resolved:  crypto: essiv - Check ssize for decryption and in-place encryption  Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-10-24 12:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-40214",
                                "url": "https://ubuntu.com/security/CVE-2025-40214",
                                "cve_description": "In the Linux kernel, the following vulnerability has been resolved:  af_unix: Initialise scc_index in unix_add_edge().  Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro.  The repro consists of three stages.    1)     1-a. Create a single cyclic reference with many sockets     1-b. close() all sockets     1-c. Trigger GC    2)     2-a. Pass sk-A to an embryo sk-B     2-b. Pass sk-X to sk-X     2-c. Trigger GC    3)     3-a. accept() the embryo sk-B     3-b. Pass sk-B to sk-C     3-c. close() the in-flight sk-A     3-d. Trigger GC  As of 2-c, sk-A and sk-X are linked to unix_unvisited_vertices, and unix_walk_scc() groups them into two different SCCs:    unix_sk(sk-A)->vertex->scc_index = 2 (UNIX_VERTEX_INDEX_START)   unix_sk(sk-X)->vertex->scc_index = 3  Once GC completes, unix_graph_grouped is set to true. Also, unix_graph_maybe_cyclic is set to true due to sk-X's cyclic self-reference, which makes close() trigger GC.  At 3-b, unix_add_edge() allocates unix_sk(sk-B)->vertex and links it to unix_unvisited_vertices.  unix_update_graph() is called at 3-a. and 3-b., but neither unix_graph_grouped nor unix_graph_maybe_cyclic is changed because both sk-B's listener and sk-C are not in-flight.  3-c decrements sk-A's file refcnt to 1.  Since unix_graph_grouped is true at 3-d, unix_walk_scc_fast() is finally called and iterates 3 sockets sk-A, sk-B, and sk-X:    sk-A -> sk-B (-> sk-C)   sk-X -> sk-X  This is totally fine.  All of them are not yet close()d and should be grouped into different SCCs.  However, unix_vertex_dead() misjudges that sk-A and sk-B are in the same SCC and sk-A is dead.    unix_sk(sk-A)->scc_index == unix_sk(sk-B)->scc_index <-- Wrong!   &&   sk-A's file refcnt == unix_sk(sk-A)->vertex->out_degree                                        ^-- 1 in-flight count for sk-B   -> sk-A is dead !?  The problem is that unix_add_edge() does not initialise scc_index.  Stage 1) is used for heap spraying, making a newly allocated vertex have vertex->scc_index == 2 (UNIX_VERTEX_INDEX_START) set by unix_walk_scc() at 1-c.  Let's track the max SCC index from the previous unix_walk_scc() call and assign the max + 1 to a new vertex's scc_index.  This way, we can continue to avoid Tarjan's algorithm while preventing misjudgments.",
                                "cve_priority": "high",
                                "cve_public_date": "2025-12-04 13:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * questing/linux: 6.17.0-12.12 -proposed tracker (LP: #2138115)",
                            "",
                            "  * CVE-2025-40019",
                            "    - crypto: essiv - Check ssize for decryption and in-place encryption",
                            "",
                            "  * CVE-2025-40214",
                            "    - af_unix: Initialise scc_index in unix_add_edge().",
                            ""
                        ],
                        "package": "linux",
                        "version": "6.17.0-12.12",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [
                            2138115
                        ],
                        "author": "Manuel Diewald <manuel.diewald@canonical.com>",
                        "date": "Fri, 09 Jan 2026 17:02:31 +0100"
                    }
                ],
                "notes": "linux-modules-6.17.0-12-generic version '6.17.0-12.12' (source package linux version '6.17.0-12.12') was added. linux-modules-6.17.0-12-generic version '6.17.0-12.12' has the same source package name, linux, as removed package linux-modules-6.17.0-8-generic. As such we can use the source package version of the removed package, '6.17.0-8.8', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "removed": {
        "deb": [
            {
                "name": "linux-image-6.17.0-8-generic",
                "from_version": {
                    "source_package_name": "linux-signed",
                    "source_package_version": "6.17.0-8.8",
                    "version": "6.17.0-8.8"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "linux-modules-6.17.0-8-generic",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "6.17.0-8.8",
                    "version": "6.17.0-8.8"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 25.10 questing image from release image serial 20260107 to 20260130",
    "from_series": "questing",
    "to_series": "questing",
    "from_serial": "20260107",
    "to_serial": "20260130",
    "from_manifest_filename": "release_manifest.previous",
    "to_manifest_filename": "manifest.current"
}