Format: 1.8
Date: Tue, 23 Nov 2021 12:40:34 +0100
Source: mbedtls
Architecture: source
Version: 2.4.2-1+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Changes:
 mbedtls (2.4.2-1+deb9u4) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-9988: buffer over-read and integer overflow.
   * CVE-2018-9989: buffer over-read and integer overflow.
   * CVE-2020-36475: denial of service with very large key sizes.
   * CVE-2020-36476: clear sensitive memory buffers.
   * CVE-2020-36478: certificate validation bypass.
   * CVE-2021-24119: side-channel vulnerability in base64 PEM file decoding.