security/vuxml: Add Mbed TLS vulnerabilities
Closed, Public

Authored by nxjoseph on Fri, Apr 10, 3:50 PM.

Details

Summary

Hi,

This is my first time working with security/vuxml; sorry in advance for my ignorance.

$ make validate
/bin/sh /home/yusuf/doc/git/ports/security/vuxml/files/tidy.sh "/home/yusuf/doc/git/ports/security/vuxml/files/tidy.xsl" "/home/yusuf/doc/git/ports/security/vuxml/vuln-flat.xml" > "/home/yusuf/doc/git/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /home/yusuf/doc/git/ports/security/vuxml/vuln-flat.xml
file:///usr/local/share/xml/dtd/xhtml-modularization/xhtml-special.ent:37: parser warning : Invalid redeclaration of predefined entity 'lt'
<!ENTITY lt      "&#38;&#60;" ><!-- less-than sign, U+003C ISOnum -->
                             ^
file:///usr/local/share/xml/dtd/xhtml-modularization/xhtml-special.ent:39: parser warning : Invalid redeclaration of predefined entity 'amp'
<!ENTITY amp     "&#38;&#38;" ><!-- ampersand, U+0026 ISOnum -->
                             ^
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python3.11 /home/yusuf/doc/git/ports/security/vuxml/files/extra-validation.py /home/yusuf/doc/git/ports/security/vuxml/vuln-flat.xml
Warning: description too long (5099 chars, 5000 is warning threshold): 4b727a1a-5034-42b4-b29b-2289389f4ba8)

Be sure to get versioning right for PORTEPOCH and remember possible linux-* ports!
Also, <gt> tags are usually wrong in ranges. Use <ge> where adequate.
$ pkg info -x mbedtls; pkg audit -f vuln-flat.xml mbedtls3-3.6.5
mbedtls3-3.6.5
mbedtls3-3.6.5 is vulnerable:
  Mbed TLS -- vulnerabilities
  CVE: CVE-2026-25833
  CVE: CVE-2026-34877
  CVE: CVE-2026-34876
  CVE: CVE-2026-25834
  CVE: CVE-2026-34872
  CVE: CVE-2026-34875
  CVE: CVE-2026-34874
  CVE: CVE-2025-66442
  CVE: CVE-2026-25835
  CVE: CVE-2026-34871
  CVE: CVE-2026-34873
  WWW: https://vuxml.FreeBSD.org/freebsd/d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204.html

1 problem(s) in 1 package(s) found.

$ pkg info -x mbedtls; pkg audit -f vuln-flat.xml mbedtls4-4.0.0
mbedtls4-4.0.0_1
mbedtls4-4.0.0 is vulnerable:
  Mbed TLS -- vulnerabilities
  CVE: CVE-2026-25833
  CVE: CVE-2026-34877
  CVE: CVE-2026-34876
  CVE: CVE-2026-25834
  CVE: CVE-2026-34872
  CVE: CVE-2026-34875
  CVE: CVE-2026-34874
  CVE: CVE-2025-66442
  CVE: CVE-2026-25835
  CVE: CVE-2026-34871
  CVE: CVE-2026-34873
  WWW: https://vuxml.FreeBSD.org/freebsd/d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204.html

1 problem(s) in 1 package(s) found.

$ pkg info -x mbedtls; pkg audit -f vuln-flat.xml mbedtls4-4.1.0
mbedtls4-4.1.0
0 problem(s) in 0 package(s) found.

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

nxjoseph created this revision.

LGTM, please proceed.

This revision is now accepted and ready to land. Fri, Apr 10, 4:26 PM