File _patchinfo of Package patchinfo.43402

<patchinfo incident="43402">
  <!--generated with prepare-update from request 404530-->
  <issue tracker="bnc" id="1260441">VUL-0: EMBARGOED: CVE-2026-28387: openssl, openssl-3: Potential use-after-free in DANE client code</issue>
  <issue tracker="bnc" id="1260442">VUL-0: EMBARGOED: CVE-2026-28388: openssl, openssl-3: NULL Pointer Dereference When Processing a Delta CRL</issue>
  <issue tracker="bnc" id="1260443">VUL-0: EMBARGOED: CVE-2026-28389: openssl, openssl-3: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo</issue>
  <issue tracker="bnc" id="1260444">VUL-0: EMBARGOED: CVE-2026-31789: openssl, openssl-3: Heap buffer overflow in hexadecimal conversion</issue>
  <issue tracker="bnc" id="1260445">VUL-0: EMBARGOED: CVE-2026-31790: openssl, openssl-3: Incorrect failure handling in RSA KEM RSASVE encapsulation</issue>
  <issue tracker="cve" id="2026-28387"/>
  <issue tracker="cve" id="2026-28388"/>
  <issue tracker="cve" id="2026-28389"/>
  <issue tracker="cve" id="2026-31789"/>
  <issue tracker="cve" id="2026-31790"/>
  <category>security</category>
  <rating>important</rating>
  <packager>pmonrealgonzalez</packager>
  <summary>Security update for openssl-3</summary>
  <description>This update for openssl-3 fixes the following issues:

- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
</description>
</patchinfo>