[Git][security-tracker-team/security-tracker][master] Track proposed update for mbedtls via trixie-pu

Fri, 02 Jan 2026 14:33:12 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
551484d9 by Salvatore Bonaccorso at 2026-01-02T23:32:14+01:00
Track proposed update for mbedtls via trixie-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -28210,6 +28210,7 @@ CVE-2025-5496 (ZohoCorp ManageEngine Endpoint Central 
versions earlier than 11.4
        NOT-FOR-US: Zoho
 CVE-2025-59438 (Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.)
        - mbedtls 3.6.5-0.1 (bug #1118752)
+       [trixie] - mbedtls <no-dsa> (Will be fixed via point release update)
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/
        NOTE: 
https://github.com/Mbed-TLS/mbedtls/commit/155de2ab775e77ab6fa81bf2b1e6e63768123bc1
 (mbedtls-3.6.5)
        NOTE: 
https://github.com/Mbed-TLS/mbedtls/commit/d179dc80a5b13189c79fe4531eacb28698a7a0e9
 (mbedtls-3.6.5)
@@ -28421,6 +28422,7 @@ CVE-2025-60781 (PHP Education Manager v1.0 is 
vulnerable to Cross Site Scripting
        NOT-FOR-US: PHP Education Manager
 CVE-2025-54764 (Mbed TLS before 3.6.5 allows a local timing attack against 
certain RSA ...)
        - mbedtls 3.6.5-0.1 (bug #1118750)
+       [trixie] - mbedtls <no-dsa> (Will be fixed via point release update)
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
 CVE-2025-26392 (SolarWinds Observability Self-Hosted is susceptible to SQL 
injection v ...)
        NOT-FOR-US: SolarWinds


=====================================
data/next-point-update.txt
=====================================
@@ -118,3 +118,7 @@ CVE-2025-67746
        [trixie] - composer 2.8.8-1+deb13u1
 CVE-2025-67897
        [trixie] - rust-sequoia-openpgp 2.0.0-2+deb13u1
+CVE-2025-54764
+       [trixie] - mbedtls 3.6.5-0.1~deb13u1
+CVE-2025-59438
+       [trixie] - mbedtls 3.6.5-0.1~deb13u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551484d90928f6a6664839501f85347d84677c16

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551484d90928f6a6664839501f85347d84677c16
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to