1Security 2 * Fix a buffer overread in mbedtls_lms_import_public_key() when the input is 3 less than 3 bytes. Reported by Linh Le and Ngan Nguyen from Calif. 4 CVE-2025-49601 5