Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dff9dc7d by Salvatore Bonaccorso at 2026-04-02T09:41:00+02:00
Add two new mbedtls issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,9 +41,11 @@ CVE-2026-3987 (A path traversal vulnerability in the
Fireware OS Web UI on Watch
CVE-2026-3882
REJECTED
CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0.
Client impers ...)
- TODO: check
+ - mbedtls <unfixed>
+ NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/
CVE-2026-34872 (An issue was discovered in Mbed TLS 3.5.x and 3.6.x through
3.6.5 and ...)
- TODO: check
+ - mbedtls <unfixed>
+ NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/
CVE-2026-34750 (Payload is a free and open source headless content management
system. ...)
NOT-FOR-US: Payload CMS
CVE-2026-34749 (Payload is a free and open source headless content management
system. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dff9dc7d2b1eae8cb413a57ca1d300091fde2134
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dff9dc7d2b1eae8cb413a57ca1d300091fde2134
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
