From nobody Fri Apr 10 16:45:32 2026 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fsjND67k2z6Y1Kl for ; Fri, 10 Apr 2026 16:45:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fsjND5Qgyz3nBN for ; Fri, 10 Apr 2026 16:45:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775839532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6KcY2qam2OUAmtGbGJO05I3FqXMtPgvyVO1LOwTyMFI=; b=eX95jFV0rjv89S7uU7aQ7qG602Pwpq5WjHn7K5fZX6OFkYsmA4b0GlChjpHeiwBzhKTEZO ZNmtcAGDsbZ6HxtWO6LhI0qZZ0+QMT6NoRniShdsPNOGo50BHkpdsajdclFq6o/QW5jpI2 wOyBIC/J8kM0isxeESJcnqoMRITxzN157Ye2XHiLrk8GEcLVdN7yAvCBdin4cKrx4iWJdT FBSYU5T535sou5F0F2UNUiZyoWP0Mzjm/ljd6L/DXHpIgXlNyq+mjWuhWQKRHMUHXYRL5e y634uuI0alqVbYsQp8QOtGbkjIfDvz1sxF8E2wlBdmuk7l52FzKdDG29113KGw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775839532; a=rsa-sha256; cv=none; b=PCPFhgZZt8U+XU4TNpRd2I0ajFpTM8nWMBpmrjVyhCKNVKblK7c0Qwc6yI7nkUnmfd9jIt RaM4lU7nawMGveCv+v0j2hd/3MxHBdN9+jHQSv+TaxfATYQoBz2r7ue6Pg8bY6Bx0tFlus 6EJ8jkwbZxhmAzY2q+Fwf/mTipFw+F2u0fsuoLYeZXcRSIl3D523wpH3kcuqynyYFJ/HNO C4Sj6SQQfD27DOEBcHalM76353ismwyiAdneRvd/BDbW70Vk1AhvySCaeB1obcYXi7aqt/ qOhOEcM7/Bj0v4++YlnbLpaxvYW/06B+DhoaM9VliAgPBI0yLvkjFSpjCzLDEQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775839532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6KcY2qam2OUAmtGbGJO05I3FqXMtPgvyVO1LOwTyMFI=; b=wG6Z7SL5xPMm+SedUyDNFuQnAkpirjpm6h4FsHRP5HQpu+XaGn4RDzEOAtzK2rDeXPw/Dc k8LLj/9Zuo5CrnFoprFhMjuOuXpTimTZZZGSKuJ9tsdsjG93/cKaVv3KP+wxn3KeSzWbTn ToHHQUvvnyJ3ptTCDP9ezC5Ki6EIHEL5vI3x5hvzcheLc1uoDdwq4FS9b8zNxPZxHIyitE 12PSc/HLTnM9P7Ewy+i6Amk+Xf1TSaU/iWEM4T14PiHdWwo0IlZYN+oQLw1EYAZQb0vjLC m/Kha8ucKhBT8vLTu0He3bJzwwMDOEj7MjH9W7domCvsD11gDCQCyw2IHvO7QQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fsjND4gYdzsmF for ; Fri, 10 Apr 2026 16:45:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 24cc5 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 10 Apr 2026 16:45:32 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Yusuf Yaman Subject: git: 1a38d8fb7aef - main - security/vuxml: Add MbedTLS vulnerabilities List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: nxjoseph X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1a38d8fb7aefaafa50ce7f39a7de7b721785c2ab Auto-Submitted: auto-generated Date: Fri, 10 Apr 2026 16:45:32 +0000 Message-Id: <69d9292c.24cc5.64d84136@gitrepo.freebsd.org> The branch main has been updated by nxjoseph: URL: https://cgit.FreeBSD.org/ports/commit/?id=1a38d8fb7aefaafa50ce7f39a7de7b721785c2ab commit 1a38d8fb7aefaafa50ce7f39a7de7b721785c2ab Author: Yusuf Yaman AuthorDate: 2026-04-10 15:41:29 +0000 Commit: Yusuf Yaman CommitDate: 2026-04-10 16:39:52 +0000 security/vuxml: Add MbedTLS vulnerabilities Reviewed by: osa, vvd (mentors) Approved by: osa (mentor) Differential Revision: https://reviews.freebsd.org/D56344 --- security/vuxml/vuln/2026.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 85c1c149bcc4..c6256911035d 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,55 @@ + + Mbed TLS -- vulnerabilities + + + mbedtls3 + 3.6.6 + + + mbedtls4 + 4.1.0 + + + + +

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports:

+
+
    +
  • Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873)
    • +
  • Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)
    • +
  • PSA random generator cloning (CVE-2026-25835)
    • +
  • Compiler-induced constant-time violations (CVE-2025-66442)
    • +
  • Null pointer dereference when setting a distinguished name (CVE-2026-34874)
    • +
  • Buffer overflow in FFDH public key export (CVE-2026-34875)
    • +
  • FFDH: lack of contributory behaviour due to improper input validation (CVE-2026-34872)
    • +
  • Signature Algorithm Injection (CVE-2026-25834)
    • +
  • CCM multipart finish tag-length validation bypass (CVE-2026-34876)
    • +
  • Risk of insufficient protection of serialized session or context data leading to potential memory safety issues (CVE-2026-34877)
    • +
  • Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)
    • +
+
+ + + + CVE-2026-34873 + CVE-2026-34871 + CVE-2026-25835 + CVE-2025-66442 + CVE-2026-34874 + CVE-2026-34875 + CVE-2026-34872 + CVE-2026-25834 + CVE-2026-34876 + CVE-2026-34877 + CVE-2026-25833 + https://mbed-tls.readthedocs.io/en/latest/security-advisories/ + + + 2026-03-31 + 2026-04-10 + + + chromium -- security fixes