[Debian-iot-maintainers] mbedtls_3.6.6-0.1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri May 15 18:48:50 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Apr 2026 15:38:39 +0300
Source: mbedtls
Architecture: source
Version: 3.6.6-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian IoT Maintainers <debian-iot-maintainers at alioth-lists.debian.net>
Changed-By: Adrian Bunk <bunk at debian.org>
Closes: 1132577 1133841
Changes:
mbedtls (3.6.6-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream release.
- CVE-2026-25834: Signature Algorithm Injection
- CVE-2026-25835: PSA random generator cloning
- CVE-2026-34872: FFDH: improper input validation
- CVE-2026-34873: Client impersonation resuming a TLS 1.3 session
- CVE-2026-34874: Null pointer dereference setting a distinguished name
- CVE-2026-34875: Buffer overflow in FFDH public key export
- CVE-2026-34876: CCM multipart finish tag-length validation bypass
(Closes: #1133841, #1132577)
Checksums-Sha1:
a874b9a95ac96434584f7dc5afd71143997edfd5 2456 mbedtls_3.6.6-0.1.dsc
71dd91cc76e77a0dcf0d8020377523ed7e703d8e 5508045 mbedtls_3.6.6.orig.tar.bz2
d13733695145ca25276cd740d4753a536e65085e 19060 mbedtls_3.6.6-0.1.debian.tar.xz
Checksums-Sha256:
cb5fe6f6b65667f993092eb7359b98155ceb8e67fa978afdf06256c75efe0bb4 2456 mbedtls_3.6.6-0.1.dsc
8fb65fae8dcae5840f793c0a334860a411f884cc537ea290ce1c52bb64ca007a 5508045 mbedtls_3.6.6.orig.tar.bz2
223d5b247d60c8954cd14a6c685a9fbaf68578dc19c8f7b70b29a29cc5aa48aa 19060 mbedtls_3.6.6-0.1.debian.tar.xz
Files:
30c4ca31518e43e0d230d1e58af35bb2 2456 libs optional mbedtls_3.6.6-0.1.dsc
8147a63a1ce289ebc0fb2190a5cce03f 5508045 libs optional mbedtls_3.6.6.orig.tar.bz2
2de996e1eaeafb07437fc64a3a3c8d89 19060 libs optional mbedtls_3.6.6-0.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmnzh3EACgkQiNJCh6LY
mLHFbBAAwas+HcuktlyDLsAO18i1skoPIHWz9/rooR/yAN2i69ykhN5D8nel4rIT
30nb4clQzFftZojiLbCsLH0+vEIyDvbd6VJQgBqXGOQZf/JdDcRGdEBPoDVupPdY
2STexUbGcCfshgixj8DYiPbEU4ulFT6gI6AO39P9zwjfs1LVXGXtITCR4d1lJY0i
Z2jlJmg9BVXzy8CEfmLSUCiuJeRBEt3/85+LPUc22tQ4hfbF/XfcjVo88STKY+gG
1y0nfkZgex4p+YTvAOOgmufstqHKdPx1bFRNTezdAQwtHfCnvR70VCAWihqZiQHx
4tkyBnUiHAEISx7orYYlO5TugrEbE8EHdcF1pq7Mhf33OQgNo9XQlK+uiWpuaB0N
Ad8fkGfC4DBzK0dnYwXvePo9uJ9ysyebfjFrBbhQnGzDzcAKF8mdFmD01+tidlQH
4/0f1+PqSttNOsg0awfxnv73mxJpuDFt4hbhxNzs9EgIzTJkjaYUxh9fYxU4tAZm
+dt+3bBI4mJsg5KwLeyd6qLbUFM7FdiXAnCiWNTcjcELonMRKZNn2H2k9drRDi1Q
zx+/YfWgs7YBPLUp5AxEGxrYTaEAwyLTJ15n2ElouLnexLHWoX6j6cunX4igjbNG
AEZIibOJPNSpPGIVhql/wS7YiCdoda2pzNaorQTXyi1tJ2VOj4A=
=kXe0
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-iot-maintainers/attachments/20260515/4748bf08/attachment.sig>
More information about the Debian-iot-maintainers
mailing list