
Accepted mbedtls 2.16.9-0.1+deb11u2 (source) into oldoldstable-security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Aug 2025 13:35:00 +0200
Source: mbedtls
Architecture: source
Version: 2.16.9-0.1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
 mbedtls (2.16.9-0.1+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Apply security fixes from the upstream:
     - CVE-2025-47917: Fix memory management in mbedtls_x509_string_to_names
       to avoid a possible double-free or use-after-free in the caller.
     - CVE-2025-48965 in mbedtls_asn1_store_named_data:
       + When allocating val.p, always set the new length to val_len.
       + Remove a case of memcpy() called with a null pointer and zero length.
       + Fix NULL pointer dereference.
       (The patch for the issue depends on two more patches fixing related
       issues.)
     - CVE-2025-52496: Fix a race condition in mbedtls_aes_ni_has_support.
     - CVE-2025-52497: Fix PEM handling:
       + Fix valid data length returned by mbedtls_pem_read_buffer.
       + Check data padding in DES/AES decrypted buffers.
       + Fix PEM underflow.
Checksums-Sha1:
 20daf700f4291d7759c444ca72e9c6d0f2a68ff3 1652 mbedtls_2.16.9-0.1+deb11u2.dsc
 92f0cfd5bb34de1e47beb2bc6aeba772d6fffd0d 44964 mbedtls_2.16.9-0.1+deb11u2.debian.tar.xz
 9a5cb4ba2a237cae267f465f09f6c3f9278b99c9 6656 mbedtls_2.16.9-0.1+deb11u2_source.buildinfo
Checksums-Sha256:
 db7c92933d2e20356a888155200829addd3b6802d2c5e87f151d9d0706e28ea0 1652 mbedtls_2.16.9-0.1+deb11u2.dsc
 8d1b6326588ded5449da7b9903eb664acb051efe2178a66d97d79bf0dfa45291 44964 mbedtls_2.16.9-0.1+deb11u2.debian.tar.xz
 e9196ac80af8f49ae5ef4a86c4a0de6cf247ab450632744dadf05ff9dac0a41e 6656 mbedtls_2.16.9-0.1+deb11u2_source.buildinfo
Files:
 5f7355b40a6048183584bfd55171a050 1652 libs optional mbedtls_2.16.9-0.1+deb11u2.dsc
 6aed0c23b8cdd69f0cc620c58586b0e0 44964 libs optional mbedtls_2.16.9-0.1+deb11u2.debian.tar.xz
 a47e7c965f8d75c911b91016e22efd20 6656 libs optional mbedtls_2.16.9-0.1+deb11u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCaJiIqQAKCRDoRGtKyMdy
YREDAQDQdqJjp6wjSpwGVCeLq9IKLsa7bsdlmjmvfE4zy2e67QEA6EX07g/eblZ0
Ph/7Evlh9FJENnihyEqnSYvFlAUUvwE=
=hCjj
-----END PGP SIGNATURE-----
