[Git][security-tracker-team/security-tracker][master] Add Debian bug references for mbedtls issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 5 08:48:29 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7096326 by Salvatore Bonaccorso at 2025-07-05T09:48:01+02:00
Add Debian bug references for mbedtls issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-47917
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108791)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md
CVE-2025-48965
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108790)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md
CVE-2025-49087
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108789)
[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md
@@ -83,10 +83,10 @@ CVE-2025-52776 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-52718 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-52497 (Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer und ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108786)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md
CVE-2025-52496 (Mbed TLS before 3.6.4 has a race condition in AESNI detection if certa ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108785)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md
CVE-2025-50039 (Missing Authorization vulnerability in vgwort VG WORT METIS allows Exp ...)
NOT-FOR-US: WordPress plugin
@@ -104,12 +104,12 @@ CVE-2025-49809 (mtr through 0.95, in certain privileged contexts, mishandles exe
- mtr <unfixed>
NOTE: Fixed by: https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6
CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108788)
[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md
CVE-2025-49600 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid s ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1108787)
[bookworm] - mbedtls <not-affected> (Vulnerable code not present)
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7096326aaa4080f42ae33620f2e4155dc0ac0aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7096326aaa4080f42ae33620f2e4155dc0ac0aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250705/9b213605/attachment.htm>
More information about the debian-security-tracker-commits
mailing list