Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/pyopenssl@26.1.0-1
purl pkg:deb/debian/pyopenssl@26.1.0-1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-dt7c-fvqj-2bek pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback If a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the connection. Credit to **Leury Castillo** for reporting this issue. CVE-2026-27448
GHSA-vp96-hxj8-p424
VCID-mt1s-vhfk-5bda pyOpenSSL DTLS cookie callback buffer overflow If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected. CVE-2026-27459
GHSA-5pwr-322w-8jr4

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-02T00:25:42.711094+00:00 Debian Importer Fixing VCID-dt7c-fvqj-2bek https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-01T21:55:14.417495+00:00 Debian Importer Fixing VCID-mt1s-vhfk-5bda https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-04-29T12:44:42.142281+00:00 Debian Importer Fixing VCID-mt1s-vhfk-5bda https://security-tracker.debian.org/tracker/data/json 38.5.0