[Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2026-25834

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
549f5941 by Salvatore Bonaccorso at 2026-05-21T22:47:41+02:00
Reference commit for CVE-2026-25834

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29841,6 +29841,7 @@ CVE-2026-25834 (Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade
 	[bullseye] - mbedtls <not-affected> (Vulnerable code introduced later)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-sigalg-injection/
 	NOTE: Introduced by: https://github.com/Mbed-TLS/mbedtls/commit/693a47ab1d076164baf0e5baff645b0e0d4d966b (mbedtls-3.3.0)
+	NOTE: Fixed by: https://github.com/Mbed-TLS/mbedtls/commit/0165a8d7637a458f49cfe01be1f21aa0f91143d7 (mbedtls-3.6.6)
 CVE-2026-25833 (Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow ...)
 	- mbedtls 3.6.6-0.1 (bug #1133841; unimportant)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-inet-pton/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549f594113dc5b3f43705e05dbd7adf1092e2406

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549f594113dc5b3f43705e05dbd7adf1092e2406
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260521/2f69cd9e/attachment.htm>