Hi, On 02/06/2013 11:49 AM, Thijs Kinkhorst wrote: > Package: polarssl Severity: serious Tags: security > > Hi, > > Nadhem Alfardan and Kenny Paterson have discovered a weakness in > the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack > exploits timing differences arising during MAC processing. Details > of this attack can be found at: http://www.isg.rhul.ac.uk/tls/ > > The problems are addressed in PolarSSL 1.2.5: > https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released > > The generic protocol issue has been assigned CVE name > CVE-2013-0169. The specific fix in PolarSSL is known as > CVE-2013-1621 and CVE-2013-1622. Please mention these identifiers > in the changelog. > > Can you see to it that this issue is addressed in unstable and > testing? And are you available to create an update for > stable-security?
Thanks for the report! I will be able to upload fixes tonight. Roland -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
