[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for mbedtls issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 3 10:21:02 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
802b94f8 by Salvatore Bonaccorso at 2026-04-03T11:20:32+02:00
Add Debian bug reference for mbedtls issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -222,10 +222,10 @@ CVE-2026-34973 (phpMyFAQ is an open source FAQ web application. Prior to version
CVE-2026-34890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-34877 (An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-serialized-data/
CVE-2026-34876 (An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ccm-finish-boundary-check/
CVE-2026-34835 (Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 ...)
[experimental] - ruby-rack 3.2.6-1
@@ -697,10 +697,10 @@ CVE-2026-3987 (A path traversal vulnerability in the Fireware OS Web UI on Watch
CVE-2026-3882
REJECTED
CVE-2026-34873 (An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impers ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-client-impersonation-while-resuming-tls13-session/
CVE-2026-34872 (An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-peerkey-checks/
CVE-2026-34750 (Payload is a free and open source headless content management system. ...)
NOT-FOR-US: Payload CMS
@@ -912,13 +912,13 @@ CVE-2026-34999 (OpenViking versions 0.2.5 prior to 0.2.14 contain a missing auth
CVE-2026-34889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-34875 (An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1. ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ffdh-buffer-overflow/
CVE-2026-34874 (An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0. ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-null-pointer-dereference-x509/
CVE-2026-34871 (An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1132577)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/
CVE-2026-34751 (Payload is a free and open source headless content management system. ...)
NOT-FOR-US: Payload CMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802b94f8aa0db77b7e54507a5cf596ba38d6516b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802b94f8aa0db77b7e54507a5cf596ba38d6516b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/0029e97f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list