Dear Debian Security Team, I am writing to report an issue regarding the CVE entries associated with botan3 in the Debian tracker system.
After investigating, I found that two incorrect CVEs have been submitted: CVE-2026-35580 and CVE-2026-35582. My research indicates that both of these CVEs are actually assigned to the NSA Emissary project and are not related to botan3. https://www.cve.org/CVERecord?id=CVE-2026-35580 Could you please remove these incorrect CVE entries from your system? Thank you for your assistance. Best regards, Yujia Lin
