Added patches for mbedtls.
For testing, I applied the testcase from here:
https://github.com/ARMmbed/mbedtls/commit/28fff141133314308994738fbe4f24f4a1e3c64d
Then tried building the package with and without the CVE fix patch
(making sure it failed before and passed after).
** Changed in: mbedtls (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1672686
Title:
CVE-2017-2784 - Freeing of memory allocated on stack when validating a
public key with a secp224k1 curve
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mbedtls/+bug/1672686/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
