-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2026 10:08:42 +0200
Source: mbedtls
Architecture: source
Version: 2.16.9-0.1+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
 mbedtls (2.16.9-0.1+deb11u4) bullseye-security; urgency=medium
 .
   * Backport security fixes from the upstream:
     - CVE-2025-59438: Observable Timing Discrepancy.
       The fix prevents leaking the presence of a padding error.
     - CVE-2026-34871: Don't fall back to /dev/urandom if getrandom()
       is not available
Checksums-Sha1:
 3f6b19480caf2ba7299e91603b1bd955a0c85125 1749 mbedtls_2.16.9-0.1+deb11u4.dsc
 41c04360ba6c9256109720e59f4aa19f97ee6569 62312 mbedtls_2.16.9-0.1+deb11u4.debian.tar.xz
 402306ab6a0cc2ddcfb981a148b100cf858c9519 6666 mbedtls_2.16.9-0.1+deb11u4_source.buildinfo
Checksums-Sha256:
 786bc95c9975daf5cb9ac0e1eaccd17a4c13e28f3e7ca1a6ed93fbfffd809ebe 1749 mbedtls_2.16.9-0.1+deb11u4.dsc
 47b068eacddba796392c33dc5244e15657cc63ec271141ec5559500a3936b0c1 62312 mbedtls_2.16.9-0.1+deb11u4.debian.tar.xz
 c3fcbb1a507c6e69ddac19b2e3af5b08b6f48a69259daf77ad39185b63b8920a 6666 mbedtls_2.16.9-0.1+deb11u4_source.buildinfo
Files:
 2ffbb96f2171b9d6e88c108261841737 1749 libs optional mbedtls_2.16.9-0.1+deb11u4.dsc
 f5dace942db0bad7cc27d6d788536fc6 62312 libs optional mbedtls_2.16.9-0.1+deb11u4.debian.tar.xz
 5626da58edd1622a4eee3c1797b4a1cf 6666 libs optional mbedtls_2.16.9-0.1+deb11u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----