Hi Felix,

On Tue, Oct 06, 2015 at 03:29:46PM +0200, Sebastian Ramacher wrote:
> Source: wolfssl
> Version: 3.4.8+dfsg-1
> Severity: important
> Tags: security fixed-upstream
> 
> Hi,
> 
> wolfssl 3.6.8 was released fixing CVE-2015-6925. The DTLS server
> implementation in earlier versions allowed to run DoS attacks on a
> wolfssl-based DTLS server or use it to amplify a DoS attack since the
> DTLS cookie was not generated properly.
> 
> See the upstream announcement [1, 2] and the PoC [3] for more details.
> 
> When fixing this issue, please include the CVE identifier in the changelog.
> 
> [1]
> https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found,_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html
> [2]
> http://wolfssl.com/wolfSSL/Blog/Entries/2015/9/18_wolfSSL_3.6.8_is_Now_Available.html
> [3] https://github.com/IAIK/wolfSSL-DoS

Any news on this? Could you upload 3.6.8 to unstable?

Regards,
Salvatore
