Debian Package Tracker

From: James Cowgill <jcowgill@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted mbedtls 2.4.2-1+deb9u2 (source) into proposed-updates->stable-new, proposed-updates
Date: Sat, 17 Mar 2018 21:42:29 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Mar 2018 18:24:47 +0000
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: source
Version: 2.4.2-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library
 libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
 libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
 libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
 libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 890287 890288
Changes:
 mbedtls (2.4.2-1+deb9u2) stretch-security; urgency=high
 .
   * Fix CVE-2017-18187:
     Unsafe bounds check in ssl_parse_client_psk_identity().
   * Fix CVE-2018-0487:
     Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
   * Fix CVE-2018-0488:
     Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
Checksums-Sha1:
 63035736a04d0b6cbae6d6b150c0d41a1ad23004 2248 mbedtls_2.4.2-1+deb9u2.dsc
 2ae3ae3fd203e642cce6f2953ae7edf452885af4 18908 mbedtls_2.4.2-1+deb9u2.debian.tar.xz
 c0cd4d3a535190d028cbfa6b1ffdeb24262282cc 6713 mbedtls_2.4.2-1+deb9u2_source.buildinfo
Checksums-Sha256:
 da25c581f6287a26542490736310f8df993893683545600ae9df95be4e412914 2248 mbedtls_2.4.2-1+deb9u2.dsc
 a7e72e80bdeb44f90555348ad40d5e31ed5f01d66d1583bd9a0ebb11ef7ad7fc 18908 mbedtls_2.4.2-1+deb9u2.debian.tar.xz
 92179f5483779bb3b96c30f9f9c674964460bb2cdc444f8933f082842b3da02d 6713 mbedtls_2.4.2-1+deb9u2_source.buildinfo
Files:
 d2e54e46950a48b3f8327288daa16ad3 2248 libs optional mbedtls_2.4.2-1+deb9u2.dsc
 72515ee69ddd36c21e530ca77e5ed047 18908 libs optional mbedtls_2.4.2-1+deb9u2.debian.tar.xz
 61b0614143b22a11ed8f4da9af858fff 6713 libs optional mbedtls_2.4.2-1+deb9u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqgUg0UHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe/uCg/+IlA5q+PXrRKxWlQ1cY1pF9yhmsdr
MJS7L1Es+jlgWIOnQRi2sV6ojJY+vlz/EyXJEzzZcUIVW/QwX64kbkcTyJ0kx/Zy
+BRRq5QIuHqr1NiBzZu2Bfq2oiW8HUGZie//z3hvRLFf7H1x1vi6ABWiPlIta3zb
zIGu+iSVcDVhcvfdj7BdosB9I/osjyTR5wKB0B7n9GChNtRbc+Wnp/LxgNpb1rAT
HzAs//QQ1sFCeI8p7pR1bdYLvqfccUQgg3ZuKUVmDpH7jjIWTjKfhLSXiAN02/5r
+bYUAc+PiDQP/ZNPF6N/DLVm4P7xu05YSv+P9s7K15UpmuxPO3Lwap6FzFeR/+ec
peuI5Sn4NYZph9lF/xeUZayvvl5pfmakwj+C8sJyrXTUxHnFOptyDVX+RB6A9mq5
kNTYgvTH9ubtMxDASNXY0hZWnXwwBXGy8Y2WcqLMwJXPadUVaiZbUZNPTwpCGl7s
XD8a2hgYf0260g0JLAxaV3aS6lH1aYsK8VHJbwQrarz4+E5jqt3aI91vjm+3WBl3
TUPTDlXA9mMqVm8xWRcdenSKRhlyVdtU+coB13LBF9WJSl7a68BYe1eWEbXKfQl8
J32ynL8pRYnjrhRmbJ+r3Jb8y2mAHjnF6iABqrPZwXyIub2Oj4mN15xjSjmNFDjW
xOOTEEiToJiVais=
=yWul
-----END PGP SIGNATURE-----
News for package mbedtls
