doc: releases: add release notes for Mbed TLS update

Add release notes regarding the Mbed TLS 3.6.3 update.

Signed-off-by: Tomi Fontanilles <[email protected]>

Author: tomi-font

doc/releases/release-notes-4.2.rst

@@ -40,8 +40,14 @@ The following sections provide detailed lists of changes by component.
 
 Security Vulnerability Related
 ******************************
+
 The following CVEs are addressed by this release:
 
+* :cve:`2025-27809` `TLS clients may unwittingly skip server authentication
+  <https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/>`_
+* :cve:`2025-27810` `Potential authentication bypass in TLS handshake
+  <https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/>`_
+
 More detailed information can be found in:
 https://docs.zephyrproject.org/latest/security/vulnerabilities.html
 
@@ -369,3 +375,6 @@ Other notable changes
   PXN attribute is set for these regions if compiled with ``CONFIG_ARM_MPU_PXN`` and ``CONFIG_USERSPACE``.
   This results in a change in behaviour for code being executed from these regions because,
   if these regions have pxn attribute set in them, they cannot be executed in privileged mode.
+
+* Mbed TLS was updated to version 3.6.3 (from 3.6.2). The release notes can be found at:
+  https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3