[Git][security-tracker-team/security-tracker][master] 2 commits: Reference 3.6.3 commit for CVE-2025-27810
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 26 16:22:11 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6b81137 by Salvatore Bonaccorso at 2025-08-26T17:21:23+02:00
Reference 3.6.3 commit for CVE-2025-27810
- - - - -
6e1943cb by Salvatore Bonaccorso at 2025-08-26T17:21:44+02:00
CVE-2025-27809: Add reference to commit for 3.6.3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49087,14 +49087,16 @@ CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of f
[bookworm] - mbedtls <no-dsa> (Minor issue)
[bullseye] - mbedtls <ignored> (Issue mainly concerns PSA subsystem introduced later, unclear if relevant elsewhere)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
- NOTE: Backport for 2.28 branch: https://github.com/Mbed-TLS/mbedtls/commit/6070470dfd5c680a59a55bc55299e1a65a6c7049
+ NOTE: https://github.com/Mbed-TLS/mbedtls/commit/26f0044ad020dc3c8db1b4001464acaef7dfbd52 (mbedtls-3.6.3)
+ NOTE: https://github.com/Mbed-TLS/mbedtls/commit/6070470dfd5c680a59a55bc55299e1a65a6c7049 (mbedtls-2.28.10)
CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...)
- mbedtls 3.6.3-1 (bug #1101499)
[bookworm] - mbedtls <no-dsa> (Minor issue)
[bullseye] - mbedtls <ignored> (Too disruptive for rdeps if backported)
NOTE: https://github.com/Mbed-TLS/mbedtls/issues/466
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
- NOTE: Backport for 2.28 branch: https://github.com/Mbed-TLS/mbedtls/commit/c43a9d5576c3f9b9da21454711c104b1f9d73efa
+ NOTE: https://github.com/Mbed-TLS/mbedtls/commit/9a9f0c77cfd314b761aaeef7a521565e00019b4a (mbedtls-3.6.3)
+ NOTE: https://github.com/Mbed-TLS/mbedtls/commit/c43a9d5576c3f9b9da21454711c104b1f9d73efa (mbedtls-2.28.10)
CVE-2025-26512 (SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a v ...)
NOT-FOR-US: NetApp
CVE-2025-1798 (The does not sanitise and escape some parameters when outputting them ...)
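Review bot: In both the CVE-2025-27810 and CVE-2025-27809 entries, the rewritten 2.28 lines drop the "Backport for 2.28 branch:" wording, so the trailing "(mbedtls-2.28.10)" tag is now the only branch information on the line and nothing marks that commit as a backport of the 3.6.3 one. Before relying on these notes, confirm that each hash is actually contained in the tag named beside it (`git tag --contains <commit>` in an upstream checkout), since the annotation will be read as "fixed in this release". If the backport relationship matters for triage of the older suites, a short "(mbedtls-2.28.10, backport)" style suffix would keep it without giving up the uniform format.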
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ff76492bc1d677097ce245078da8d53a87264466...6e1943cb5d5798d54f1347bbe70ddf16940e8759