[Debian-iot-maintainers] Bug#1138840: bookworm-pu: package mbedtls/2.28.10-0+deb13u1
Bastian Germann
bage at debian.org
Thu Jun 4 15:23:27 BST 2026
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: mbedtls at packages.debian.org
Control: affects -1 + src:mbedtls
User: release.debian.org at packages.debian.org
Usertags: pu
[ Reason ]
Fix outstanding security issues that are fixed with stable upstream
updates.
[ Impact ]
Vulnerable for CVE-2024-23170, CVE-2024-23775, CVE-2024-28960, CVE-2024-45157, CVE-2025-27809, CVE-2025-27810
[ Tests ]
Build all direct reverse dependencies. The builds all pass.
[ Risks ]
Subtle behaviour change. I deem the risk to be quite low because the
2.28.x update is a stable branch update that is designed to only carry
changes that are supposed to have no functional impact on a user.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in oldstable
[x] the issue is verified as fixed in unstable
[ Changes ]
Apply the stable update from 2.28.3 to 2.28.10. The .10 version was
never in Debian. Last 2.28 version to hit unstable was 2.28.8.
[ Other info ]
There is a license change but it is only adding a secondary license.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mbedtls_2.28.10-0+deb13u1.debdiff.gz
Type: application/gzip
Size: 1000296 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-iot-maintainers/attachments/20260604/0ac2a2b4/attachment-0001.gz>
More information about the Debian-iot-maintainers
mailing list