[Git][security-tracker-team/security-tracker][master] Add new mbedtls issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 07:19:10 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bb2e665 by Salvatore Bonaccorso at 2026-04-02T08:18:46+02:00
Add new mbedtls issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,11 +59,14 @@ CVE-2026-34999 (OpenViking versions 0.2.5 prior to 0.2.14 contain a missing auth
 CVE-2026-34889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-34875 (An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1. ...)
-	TODO: check
+	- mbedtls <unfixed>
+	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/
 CVE-2026-34874 (An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0. ...)
-	TODO: check
+	- mbedtls <unfixed>
+	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-null-pointer-dereference-x509/
 CVE-2026-34871 (An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0  ...)
-	TODO: check
+	- mbedtls <unfixed>
+	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/
 CVE-2026-34751 (Payload is a free and open source headless content management system.  ...)
 	NOT-FOR-US: Payload CMS
 CVE-2026-34604 (Tina is a headless content management system. Prior to version 2.2.2,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bb2e6658cbc2745a9f575d3e70028b351754a7d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bb2e6658cbc2745a9f575d3e70028b351754a7d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260402/4350d0aa/attachment.htm>

More information about the debian-security-tracker-commits mailing list