[Git][security-tracker-team/security-tracker][master] Add two new mbedtls issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 2 08:45:52 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dff9dc7d by Salvatore Bonaccorso at 2026-04-02T09:41:00+02:00
Add two new mbedtls issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,9 +41,11 @@ CVE-2026-3987 (A path traversal vulnerability in the Fireware OS Web UI on Watch
CVE-2026-3882
REJECTED
CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impers ...)
- TODO: check
+ - mbedtls <unfixed>
+ NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/
CVE-2026-34872 (An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and ...)
- TODO: check
+ - mbedtls <unfixed>
+ NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/
CVE-2026-34750 (Payload is a free and open source headless content management system. ...)
NOT-FOR-US: Payload CMS
CVE-2026-34749 (Payload is a free and open source headless content management system. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dff9dc7d2b1eae8cb413a57ca1d300091fde2134
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dff9dc7d2b1eae8cb413a57ca1d300091fde2134
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260402/98b0d28a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list