|
|
Log in / Subscribe / Register

Debian alert DLA-4426-2 (osslsigncode)



From:
              Abhijith PA <abhijith@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4426-2] osslsigncode regression update


Date:
              Fri, 23 Jan 2026 13:59:38 +0530


Message-ID:
              <aXMxcga8ALOl5735@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4426-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
January 23, 2026                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : osslsigncode
Version        : 2.5-4~deb11u1+really2.9-1+deb11u2
Debian Bug     : 1076785

Fix for vulnerability CVE-2023-36377 was released in DLA 4426-1 by
upgrading to version 2.5-4, which had a known bug #1076785. This issue
is fixed by updating to version 2.9.  https://bugs.debian.org/1076785

For Debian 11 bullseye, this problem has been fixed in version
2.5-4~deb11u1+really2.9-1+deb11u2.

We recommend that you upgrade your osslsigncode packages.

For the detailed security status of osslsigncode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/osslsigncode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmlzMXEACgkQhj1N8u2c
KO+yxg//cDB5F4qhQvzvfKKAJtrdMsWBc6GufqGV60YCsXaAwYKCWGd/Ue/GoNKY
S8+GaB06lv0y+/N6xxrn+3wdOUe1Gvp05SYVYbcCUI9KVORonan4gCLbh/MA9Ao1
NHOaSE5sUly5hjtJuNFrSaZJzpaY9uGNzJf0Z79v7tekNuuPWckVJj/dsNTwjX25
jH8GauNVSkOZjpy7eNdZ5NdYGit+HDtawjvjBX20gaAk2rsTMtWbMCLiN5LL+xDU
dOFW5IWwV82vkpDRcDrYKJL7zRMdwIaPW0eWqWlT1PHW4B5Gbx6PR5PPZXJH07kD
MOgIj5MUnobkLzhnAGRdN5JPRBwAIxw6aDSbSFNfjaG5CoZyf9hplV0I5TWAPQyJ
i3Lqzn9ICzHBXS5mM2DYvGyUToEWCuMwuIqsZTP53k3jbNmKQ1EtPv0RuIpF3Q6R
nqB4OG/BGdISoNjMouUA+0fyrAG9vEObs9Qu90awHfarR8g5RKPdlxKNBGEelMsa
K70W03pYmu99Ua8UVwoRtoKdP55ncO/NOe/FN3GGNd2wgR+ZD99cNI5mKl0vZ7pW
jdoTaIh0DM+FSI5NoEQkZ11gR3odvsNZB862oVuGAmXxTgJZyQi13vvpGMNmrBUd
ZndRJilwgO7/pcCD4Xldr7trxJisnbMPWQZwl1kXQQhooC0V4Gs=
=unF4
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds