Page MenuHomeFreeBSD
Files F160200252

D56344.diff
No OneTemporary
Actions

D56344.diff
View Options

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,55 @@
+ <vuln vid="d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204">
+ <topic>Mbed TLS -- vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mbedtls3</name>
+ <range><lt>3.6.6</lt></range>
+ </package>
+ <package>
+ <name>mbedtls4</name>
+ <range><lt>4.1.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports:</p>
+ <blockquote cite="https://mbed-tls.readthedocs.io/en/latest/security-advisories/">
+ <ul>
+ <li>Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873)</li>
+ <li>Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)</li>
+ <li>PSA random generator cloning (CVE-2026-25835)</li>
+ <li>Compiler-induced constant-time violations (CVE-2025-66442)</li>
+ <li>Null pointer dereference when setting a distinguished name (CVE-2026-34874)</li>
+ <li>Buffer overflow in FFDH public key export (CVE-2026-34875)</li>
+ <li>FFDH: lack of contributory behaviour due to improper input validation (CVE-2026-34872)</li>
+ <li>Signature Algorithm Injection (CVE-2026-25834)</li>
+ <li>CCM multipart finish tag-length validation bypass (CVE-2026-34876)</li>
+ <li>Risk of insufficient protection of serialized session or context data leading to potential memory safety issues (CVE-2026-34877)</li>
+ <li>Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2026-34873</cvename>
+ <cvename>CVE-2026-34871</cvename>
+ <cvename>CVE-2026-25835</cvename>
+ <cvename>CVE-2025-66442</cvename>
+ <cvename>CVE-2026-34874</cvename>
+ <cvename>CVE-2026-34875</cvename>
+ <cvename>CVE-2026-34872</cvename>
+ <cvename>CVE-2026-25834</cvename>
+ <cvename>CVE-2026-34876</cvename>
+ <cvename>CVE-2026-34877</cvename>
+ <cvename>CVE-2026-25833</cvename>
+ <url>https://mbed-tls.readthedocs.io/en/latest/security-advisories/</url>
+ </references>
+ <dates>
+ <discovery>2026-03-31</discovery>
+ <entry>2026-04-10</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4b727a1a-5034-42b4-b29b-2289389f4ba8">
<topic>chromium -- security fixes</topic>
<affects>

File Metadata

Mime Type
text/plain
Expires
Tue, Jun 23, 3:04 AM (14 h, 41 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
31297488
Default Alt Text
D56344.diff (2 KB)

Event Timeline