FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-04-19 18:40:30 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204	Mbed TLS -- vulnerabilities https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873) Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871) PSA random generator cloning (CVE-2026-25835) Compiler-induced constant-time violations (CVE-2025-66442) Null pointer dereference when setting a distinguished name (CVE-2026-34874) Buffer overflow in FFDH public key export (CVE-2026-34875) FFDH: lack of contributory behaviour due to improper input validation (CVE-2026-34872) Signature Algorithm Injection (CVE-2026-25834) CCM multipart finish tag-length validation bypass (CVE-2026-34876) Risk of insufficient protection of serialized session or context data leading to potential memory safety issues (CVE-2026-34877) Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833) Discovery 2026-03-31 Entry 2026-04-10 mbedtls3 < 3.6.6 mbedtls4 < 4.1.0 CVE-2026-34873 CVE-2026-34871 CVE-2026-25835 CVE-2025-66442 CVE-2026-34874 CVE-2026-34875 CVE-2026-34872 CVE-2026-25834 CVE-2026-34876 CVE-2026-34877 CVE-2026-25833 https://mbed-tls.readthedocs.io/en/latest/security-advisories/

VuXML ID

Description

d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports:

Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873)

Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)

PSA random generator cloning (CVE-2026-25835)

Compiler-induced constant-time violations (CVE-2025-66442)

Null pointer dereference when setting a distinguished name (CVE-2026-34874)

Buffer overflow in FFDH public key export (CVE-2026-34875)

FFDH: lack of contributory behaviour due to improper input validation (CVE-2026-34872)

Signature Algorithm Injection (CVE-2026-25834)

CCM multipart finish tag-length validation bypass (CVE-2026-34876)

Risk of insufficient protection of serialized session or context data leading to potential memory safety issues (CVE-2026-34877)

Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)

Discovery 2026-03-31
Entry 2026-04-10
mbedtls3

< 3.6.6

mbedtls4

< 4.1.0

CVE-2026-34873
CVE-2026-34871
CVE-2026-25835
CVE-2025-66442
CVE-2026-34874
CVE-2026-34875
CVE-2026-34872
CVE-2026-25834
CVE-2026-34876
CVE-2026-34877
CVE-2026-25833
https://mbed-tls.readthedocs.io/en/latest/security-advisories/