[Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2026-25834

Thu, 21 May 2026 13:48:18 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
549f5941 by Salvatore Bonaccorso at 2026-05-21T22:47:41+02:00
Reference commit for CVE-2026-25834

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29841,6 +29841,7 @@ CVE-2026-25834 (Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 
allows Algorithm Downgrade
        [bullseye] - mbedtls <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-sigalg-injection/
        NOTE: Introduced by: 
https://github.com/Mbed-TLS/mbedtls/commit/693a47ab1d076164baf0e5baff645b0e0d4d966b
 (mbedtls-3.3.0)
+       NOTE: Fixed by: 
https://github.com/Mbed-TLS/mbedtls/commit/0165a8d7637a458f49cfe01be1f21aa0f91143d7
 (mbedtls-3.6.6)
 CVE-2026-25833 (Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer 
overflow ...)
        - mbedtls 3.6.6-0.1 (bug #1133841; unimportant)
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-inet-pton/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549f594113dc5b3f43705e05dbd7adf1092e2406

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549f594113dc5b3f43705e05dbd7adf1092e2406
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to