[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted polarssl 1.3.9-2.1+deb8u4 (source amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Sep 2018 12:32:28 +0200
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7
Architecture: source amd64
Version: 1.3.9-2.1+deb8u4
Distribution: jessie-security
Urgency: medium
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libpolarssl-dev - lightweight crypto and SSL/TLS library
 libpolarssl-runtime - lightweight crypto and SSL/TLS library
 libpolarssl7 - lightweight crypto and SSL/TLS library
Changes:
 polarssl (1.3.9-2.1+deb8u4) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-0497: Protection against Lucky13 attack when using HMAC-SHA-384.
     Fixes regression introduced in 1.2.5-1 (CVE-2013-0169).
   * CVE-2018-0498 (three patches): Fix Lucky 13 cache attack on MD/SHA padding.
   * CVE-2018-9988 (two patches): Prevent arithmetic overflow on bounds check
     and add bound check before signature length read in
     ssl_parse_server_key_exchange().
   * CVE-2018-9989 (two patches): Prevent arithmetic overflow on bounds check
     and add bound check before length read in ssl_parse_server_psk_hint().
Checksums-Sha1:
 fcac34634c35bd302e984992c963e257a6035ae3 1930 polarssl_1.3.9-2.1+deb8u4.dsc
 b8c8adeb5e36c9c8729a857d85318fb740a405de 19880 polarssl_1.3.9-2.1+deb8u4.debian.tar.xz
 91c4bac2ca167a529a9ee1a269651de8d958b7b1 327266 libpolarssl-dev_1.3.9-2.1+deb8u4_amd64.deb
 49f2ef8efe107289df5e58a372b2f017f2031e51 684924 libpolarssl-runtime_1.3.9-2.1+deb8u4_amd64.deb
 826c85b9cce9833af650524ffce96520fdc190f1 230936 libpolarssl7_1.3.9-2.1+deb8u4_amd64.deb
Checksums-Sha256:
 80fb072f1c3ba7da53e0913ccf81c34191790322af74f284780b0dcadfbcb56b 1930 polarssl_1.3.9-2.1+deb8u4.dsc
 445894cfb310383a13ec84a77ae97d3bd5af3efa4e156b1a389193ba888e6dbe 19880 polarssl_1.3.9-2.1+deb8u4.debian.tar.xz
 c9d65306958397994b9bc5777591f8ffdabee39878686a3ac1920283d8ef14a9 327266 libpolarssl-dev_1.3.9-2.1+deb8u4_amd64.deb
 14497b87201a0f8e036984d1d81208dc3c36dbd7df657e8e6c0a4065af27752d 684924 libpolarssl-runtime_1.3.9-2.1+deb8u4_amd64.deb
 10f0bd516edc9a052492c974008e23139c2a31b1c2082fc3414ec288a7e47895 230936 libpolarssl7_1.3.9-2.1+deb8u4_amd64.deb
Files:
 6ba043432ba352587cd28ae6c8930536 1930 libs optional polarssl_1.3.9-2.1+deb8u4.dsc
 95835702f0fc35e4a01b8ece295c3ee6 19880 libs optional polarssl_1.3.9-2.1+deb8u4.debian.tar.xz
 be4dafa2251146c2282dcc06766a326c 327266 libdevel optional libpolarssl-dev_1.3.9-2.1+deb8u4_amd64.deb
 32e7d791e3f94c4fc4ce5c1dd5d9e720 684924 libdevel optional libpolarssl-runtime_1.3.9-2.1+deb8u4_amd64.deb
 84204579fe703bd7ff12c41a30a6ae0d 230936 libs optional libpolarssl7_1.3.9-2.1+deb8u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAluqJXQVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxmJIP/2hw64AtRkVzQv3dE94LcUBqQ2U4
7GoKlHTu1y+38f3FIVwjIFWF646SVOZFv5PFLD32pvyh9a5bmu8zYVVfwK3gPlL1
p2HTGZWpDCR7ENmLDBrk5JXgro7BaCh7FyczDNiIZgOVUnbs6kHePkucjM21wZdZ
ZJxzlCzsxtp+sOetVdEAEdRR2b3IHwHMAw882lKJCWwVoV0NC1vanv8V1f9aORs9
G12kjy4m9ySRPBEWyM+pcPLxvJvTgY2AkalW/I8oDdAUDxXv9f6I90w1+0rSCYS3
FjioMOeKY6/sNf5RRu8+QN1ASNcp5u8yUL1EZuUxvby5OmzubEb13bKGcMGjNoaT
tLob89ItYzgFOOVLrLacGp7iWDqvKolgh/HVPUNrdRb16lV2Ng8VHYFcWI8r4z1D
legT8bjXuwUKvyWxfR/Ovma7dGZZhDDNA5I+OJ01pBbGExJKMJR+uM07iD8dHEkh
IA7e2Kg2oh/a2pSEBXbZR/K580YQPVo917uyi8VJFr+eO5gowQ/PaLxvIff+KDM9
RWG8whW59leyR9DCwZpGIuFY2nkkqminP+uOOjo0llNOLXc/fLKIesyB62ydYu/3
Z7eGQfnwflpoia6Z93qlF4R4csN3xOScdWwViCZZ4geintvNSJO6/VGoTrvaSX6A
AU0m6ClIpUt+w+T1
=JaVZ
-----END PGP SIGNATURE-----


Reply to: