[From nobody Fri May 15 18:51:08 2026 Received: (at 1133841-close) by bugs.debian.org; 15 May 2026 17:48:51 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 11; hammy, 150; neutral, 248; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:44000) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wNweZ-00H0LE-1J for 1133841-close@bugs.debian.org; Fri, 15 May 2026 17:48:51 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wNweZ-006x6E-0H for 1133841-close@bugs.debian.org; Fri, 15 May 2026 17:48:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=GkKu8GMpDA2P41Lz6Veqxu2hiUp0S6VRYRRMzbsTn/M=; b=RAWp+4GArVujtpjpCDWV2e5dlo ORpiXcY7Rogck/+TOd8vEajCME+zebDwDSJOhN6uPuAKUnZuUVf6H+2/P51OggLOiD6P1UYUcK+nb UMaFaFH9QvNo72VB2FXKJ+2z6FgLBIVVINRfr2pVJ8SsaigSSz8DNsUx0qeDzYj9Ogmb2HsAcwU+K pdQzznjl+KDCL/rtYKqbk5WuKFXb6/qN8xIDWuY4dMrRYdWIhsh6aYdxb0G1Gu9LLT72EDlzhvX8u pdJW8A/fCxXuTi0pGNopmJX1EPtdyVcYEvmLUuMQDJQo+QLyya4Cz1pG9WsfM8Dc/jXrOBJwfLY3E 7qkZxg1Q==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wNweY-0000000D7FD-1K1T; Fri, 15 May 2026 17:48:50 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Adrian Bunk <bunk@debian.org> To: 1133841-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: mbedtls Debian: DAK Debian-Changes: mbedtls_3.6.6-0.1_source.changes Debian-Source: mbedtls Debian-Version: 3.6.6-0.1 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1133841: fixed in mbedtls 3.6.6-0.1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============5397969654702676650==" Message-Id: <E1wNweY-0000000D7FD-1K1T@fasolo.debian.org> Date: Fri, 15 May 2026 17:48:50 +0000 --===============5397969654702676650== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: mbedtls Source-Version: 3.6.6-0.1 Done: Adrian Bunk <bunk@debian.org> We believe that the bug you reported is fixed in the latest version of mbedtls, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1133841@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adrian Bunk <bunk@debian.org> (supplier of updated mbedtls package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 30 Apr 2026 15:38:39 +0300 Source: mbedtls Architecture: source Version: 3.6.6-0.1 Distribution: unstable Urgency: medium Maintainer: Debian IoT Maintainers <debian-iot-maintainers@alioth-lists.debia= n.net> Changed-By: Adrian Bunk <bunk@debian.org> Closes: 1132577 1133841 Changes: mbedtls (3.6.6-0.1) unstable; urgency=3Dmedium . * Non-maintainer upload. * New upstream release. - CVE-2026-25834: Signature Algorithm Injection - CVE-2026-25835: PSA random generator cloning - CVE-2026-34872: FFDH: improper input validation - CVE-2026-34873: Client impersonation resuming a TLS 1.3 session - CVE-2026-34874: Null pointer dereference setting a distinguished name - CVE-2026-34875: Buffer overflow in FFDH public key export - CVE-2026-34876: CCM multipart finish tag-length validation bypass (Closes: #1133841, #1132577) Checksums-Sha1: a874b9a95ac96434584f7dc5afd71143997edfd5 2456 mbedtls_3.6.6-0.1.dsc 71dd91cc76e77a0dcf0d8020377523ed7e703d8e 5508045 mbedtls_3.6.6.orig.tar.bz2 d13733695145ca25276cd740d4753a536e65085e 19060 mbedtls_3.6.6-0.1.debian.tar.= xz Checksums-Sha256: cb5fe6f6b65667f993092eb7359b98155ceb8e67fa978afdf06256c75efe0bb4 2456 mbedtl= s_3.6.6-0.1.dsc 8fb65fae8dcae5840f793c0a334860a411f884cc537ea290ce1c52bb64ca007a 5508045 mbe= dtls_3.6.6.orig.tar.bz2 223d5b247d60c8954cd14a6c685a9fbaf68578dc19c8f7b70b29a29cc5aa48aa 19060 mbedt= ls_3.6.6-0.1.debian.tar.xz Files: 30c4ca31518e43e0d230d1e58af35bb2 2456 libs optional mbedtls_3.6.6-0.1.dsc 8147a63a1ce289ebc0fb2190a5cce03f 5508045 libs optional mbedtls_3.6.6.orig.ta= r.bz2 2de996e1eaeafb07437fc64a3a3c8d89 19060 libs optional mbedtls_3.6.6-0.1.debia= n.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmnzh3EACgkQiNJCh6LY mLHFbBAAwas+HcuktlyDLsAO18i1skoPIHWz9/rooR/yAN2i69ykhN5D8nel4rIT 30nb4clQzFftZojiLbCsLH0+vEIyDvbd6VJQgBqXGOQZf/JdDcRGdEBPoDVupPdY 2STexUbGcCfshgixj8DYiPbEU4ulFT6gI6AO39P9zwjfs1LVXGXtITCR4d1lJY0i Z2jlJmg9BVXzy8CEfmLSUCiuJeRBEt3/85+LPUc22tQ4hfbF/XfcjVo88STKY+gG 1y0nfkZgex4p+YTvAOOgmufstqHKdPx1bFRNTezdAQwtHfCnvR70VCAWihqZiQHx 4tkyBnUiHAEISx7orYYlO5TugrEbE8EHdcF1pq7Mhf33OQgNo9XQlK+uiWpuaB0N Ad8fkGfC4DBzK0dnYwXvePo9uJ9ysyebfjFrBbhQnGzDzcAKF8mdFmD01+tidlQH 4/0f1+PqSttNOsg0awfxnv73mxJpuDFt4hbhxNzs9EgIzTJkjaYUxh9fYxU4tAZm +dt+3bBI4mJsg5KwLeyd6qLbUFM7FdiXAnCiWNTcjcELonMRKZNn2H2k9drRDi1Q zx+/YfWgs7YBPLUp5AxEGxrYTaEAwyLTJ15n2ElouLnexLHWoX6j6cunX4igjbNG AEZIibOJPNSpPGIVhql/wS7YiCdoda2pzNaorQTXyi1tJ2VOj4A=3D =3DkXe0 -----END PGP SIGNATURE----- --===============5397969654702676650== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCagdcggAKCRCb9qggYcy5 IWNQAP9a4QAnU4sANLR//rfAP9tGGszeY3aaHT2IKAFIl+F16gD7BD/8iqNKn4VJ oy9YOhigNhop55YYYJ9v80RUFtfmugM= =rr9u -----END PGP SIGNATURE----- --===============5397969654702676650==-- ]