[Git][security-tracker-team/security-tracker][master] Add two new wolfssl issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fe97a9b by Salvatore Bonaccorso at 2026-03-20T09:23:03+01:00
Add two new wolfssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,9 +29,13 @@ CVE-2026-4465 (A flaw has been found in D-Link DIR-513 1.10. The impacted elemen
 CVE-2026-4428 (A logic error in CRL distribution point validation in AWS-LC before 1. ...)
 	NOT-FOR-US: Amazon
 CVE-2026-4395 (Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/9988
+	NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/ddc177b669cff9d3c7e1b51751f9df73062b872a (v5.9.0-stable)
 CVE-2026-4159 (1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length e ...)
-	TODO: check
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/pull/9945
+	NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/d37b51c3cef6897e117364ab8b1a257e52a634c0 (v5.9.0-stable)
 CVE-2026-4136 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4038 (The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Functi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fe97a9b183c8eee8779cc15894aeea630018227

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fe97a9b183c8eee8779cc15894aeea630018227
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260320/2c5b7d6e/attachment.htm>