This bug was fixed in the package mbedtls - 2.4.2-1
Sponsored for James Cowgill (jcowgill)
---------------
mbedtls (2.4.2-1) unstable; urgency=high
* New upstream version.
- Fixes CVE-2017-2784 - freeing of memory allocated on the stack when
validating a public key with a secp224k1 curve. (Closes: #857560)
* debian/rules:
- Run testsuite inside faketime to prevent it suddenly failing in the
future. Thanks Niels Thykier!
-- James Cowgill <[email protected]> Tue, 14 Mar 2017 10:54:33 +0000
** Changed in: mbedtls (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-2784
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1672694
Title:
Sync mbedtls 2.4.2-1 (universe) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mbedtls/+bug/1672694/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
