Hi,
On Tue, 2015-10-27 at 22:29 +0100, Moritz Mühlenhoff wrote:
> On Wed, Oct 21, 2015 at 01:43:26PM +0100, James Cowgill wrote:
> > Hi,
> >
> > On Tue, 2015-10-20 at 19:37 +0200, Florian Weimer wrote:
> > > * James Cowgill:
> > [...]
> > > > One thing which was suggested was to use 1.3.14 and th
On Wed, Oct 21, 2015 at 01:43:26PM +0100, James Cowgill wrote:
> Hi,
>
> On Tue, 2015-10-20 at 19:37 +0200, Florian Weimer wrote:
> > * James Cowgill:
> [...]
> > > One thing which was suggested was to use 1.3.14 and then disable at
> > > compile time all the new features which may affect the ABI
Hi,
So regardless of the ABI issues affecting jessie, the first thing to do
is to fix this in unstable which can be done by just uploading 1.3.14
and doing an ABI transition.
I've attached a debdiff for an NMU to experimental which would start
this off. The orig tarball is not included in the dif
Hi,
On Tue, 2015-10-20 at 19:37 +0200, Florian Weimer wrote:
> * James Cowgill:
[...]
> > One thing which was suggested was to use 1.3.14 and then disable at
> > compile time all the new features which may affect the ABI and then
> > revert the SONAME change, but is doing that actually allowed for
* James Cowgill:
> They seemed pretty resistive to the idea of just adding specific
> patches on top of 1.3.9, and if you look at the changelog there are a
> number of other security bugs which seem important but don't have CVEs
> because they couldn't be triggered remotely.
> https://github.com/A
Hi,
So I asked upstream about the specific commits which fixed this bug
here:
https://tls.mbed.org/discussions/bug-report-issues/question-about-cve-2015-5291
They seemed pretty resistive to the idea of just adding specific
patches on top of 1.3.9, and if you look at the changelog there are a
numb
On Fri, 09 Oct 2015 22:02:21 +0200 Salvatore Bonaccorso wrote:
> Source: polarssl
> Version: 1.2.8-2
> Severity: grave
> Tags: security upstream fixed-upstream
>
> Hi,
>
> the following vulnerability was published for polarssl.
>
> CVE-2015-5291[0]:
> Remote attack on clients using session tic
Source: polarssl
Version: 1.2.8-2
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for polarssl.
CVE-2015-5291[0]:
Remote attack on clients using session tickets or SNI
It has been fixed in PolarSSL 1.2.17 branch, then the rebranded mbed
TLS 1