From 0205ff782b89b5900f70dfa53f3c34042f73dce1 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 11:05:44 +0000 Subject: [PATCH 1/4] Added attributions & CVE Signed-off-by: Minos Galanakis --- ChangeLog.d/fix-null-pointer-dereference.txt | 3 ++- ChangeLog.d/inet_pton.txt | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-null-pointer-dereference.txt b/ChangeLog.d/fix-null-pointer-dereference.txt index 1eb3c416a8..1dd7d61905 100644 --- a/ChangeLog.d/fix-null-pointer-dereference.txt +++ b/ChangeLog.d/fix-null-pointer-dereference.txt @@ -1,4 +1,5 @@ Security * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when mbedtls_calloc() fails to allocate memory. This was caused by failing to - check whether mbedtls_calloc() returned NULL. + check whether mbedtls_calloc() returned NULL. Found and reported by + Haruto Kimura (Stella). diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt index 22e6806556..1acb8de84e 100644 --- a/ChangeLog.d/inet_pton.txt +++ b/ChangeLog.d/inet_pton.txt @@ -3,3 +3,4 @@ Security (e.g. on platforms with memory protection when the overread crosses page boundary) this could lead to DoS. Found and reported by Haruto Kimura (Stella). + CVE-2026-25833 From 441beaeeacbdef63a6300bf8c89a32fd4fc6930c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 14:51:36 +0000 Subject: [PATCH 2/4] Extended attributions & CVE Signed-off-by: Minos Galanakis --- ChangeLog.d/inet_pton.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt index 1acb8de84e..73b9aa6b19 100644 --- a/ChangeLog.d/inet_pton.txt +++ b/ChangeLog.d/inet_pton.txt 
@@ -2,5 +2,4 @@ Security * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases (e.g. on platforms with memory protection when the overread crosses page boundary) this could lead to DoS. Found and reported by Haruto Kimura - (Stella). - CVE-2026-25833 + (Stella). CVE-2026-25833 From e4c6f6819ef079a8d90647abe5922265212f7733 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 16:36:25 +0000 Subject: [PATCH 3/4] Added attribution for ffdh-peerkey-check Signed-off-by: Minos Galanakis --- ChangeLog.d/ffdh-peerkey-check.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/ffdh-peerkey-check.txt b/ChangeLog.d/ffdh-peerkey-check.txt index a2204b4f57..59bdd71c17 100644 --- a/ChangeLog.d/ffdh-peerkey-check.txt +++ b/ChangeLog.d/ffdh-peerkey-check.txt @@ -3,4 +3,6 @@ Security PSA_ALG_FFDH: low-order elements were not rejected as they should be. This is a problem for protocols using FFDH that expect contributory behaviour, that is, where neither party should be able to force the shared secret - into a small set. + into a small set. Reported independently by Eva Crystal (0xiviel) and ++ another reporter. + From 860cde63e6e29e590748dbe1bf35e1c8745bf99b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 16:43:03 +0000 Subject: [PATCH 4/4] MOufa Signed-off-by: Minos Galanakis --- ChangeLog.d/ffdh-peerkey-check.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/ffdh-peerkey-check.txt b/ChangeLog.d/ffdh-peerkey-check.txt index 59bdd71c17..2c0c9c2fab 100644 --- a/ChangeLog.d/ffdh-peerkey-check.txt +++ b/ChangeLog.d/ffdh-peerkey-check.txt @@ -5,4 +5,3 @@ Security that is, where neither party should be able to force the shared secret into a small set. Reported independently by Eva Crystal (0xiviel) and + another reporter. -
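Review bot: In PATCH 1/4, the ChangeLog.d/inet_pton.txt hunk puts CVE-2026-25833 on a line of its own after "(Stella).", and PATCH 2/4 then only folds it back onto the attribution line. Squash 2/4 into 1/4 so the series adds the identifier once, in its final form "(Stella). CVE-2026-25833". The subject "Added attributions & CVE" would then cover the whole change.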
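Review bot: In PATCH 3/4, the added line "++ another reporter." carries a second "+", so the ChangeLog entry itself will contain a literal "+ another reporter.". The hunk also ends with an added empty line (the final "+"), which leaves a blank line at the end of ChangeLog.d/ffdh-peerkey-check.txt. Drop the extra "+" so the continuation reads "another reporter." aligned with the rest of the entry, and leave out the trailing blank line.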
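Review bot: In PATCH 4/4, the hunk deletes only the trailing blank line. The line "+ another reporter." is unchanged context here (the diffstat shows 1 deletion and no insertions), so the stray "+" introduced in 3/4 remains in ChangeLog.d/ffdh-peerkey-check.txt after the series is applied. Correct that line in this commit, or squash the fix into 3/4. The subject "MOufa" also does not say what the commit changes; something like "Remove trailing blank line from ffdh-peerkey-check" would make the history readable.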