Debian Package Tracker

From: James Cowgill <jcowgill@debian.org>
To: <dak@security.debian.org>
Subject: Accepted polarssl 1.3.9-2.1+deb8u3 (source) into oldstable->embargoed, oldstable
Date: Wed, 21 Mar 2018 14:06:15 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Mar 2018 17:59:03 +0000
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7
Architecture: source
Version: 1.3.9-2.1+deb8u3
Distribution: jessie-security
Urgency: medium
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 libpolarssl-dev - lightweight crypto and SSL/TLS library
 libpolarssl-runtime - lightweight crypto and SSL/TLS library
 libpolarssl7 - lightweight crypto and SSL/TLS library
Closes: 890287 890288
Changes:
 polarssl (1.3.9-2.1+deb8u3) jessie-security; urgency=medium
 .
   * Fix CVE-2017-18187:
     Unsafe bounds check in ssl_parse_client_psk_identity().
   * Fix CVE-2018-0487:
     Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
   * Fix CVE-2018-0488:
     Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
Checksums-Sha1:
 4b843426c0417fcb0d00ff10a7839f1b99fdf0df 1930 polarssl_1.3.9-2.1+deb8u3.dsc
 0fa2ecded8576f3768f5cc606a21984df083cfce 15496 polarssl_1.3.9-2.1+deb8u3.debian.tar.xz
 fa6d549d0f7701186957152291e08538c4c2f229 5747 polarssl_1.3.9-2.1+deb8u3_source.buildinfo
Checksums-Sha256:
 66174a84b18cccf01ee26ff3da3aaa8483beac0aade710dfcdf240992f5ba434 1930 polarssl_1.3.9-2.1+deb8u3.dsc
 79c66f0394796dcbf023261d52917e2d7a0b7835a90f2f422b106f21ea2e98ff 15496 polarssl_1.3.9-2.1+deb8u3.debian.tar.xz
 a59c2dfee5466818c194883f03e5645d5f63630fff824fe369594cc584274362 5747 polarssl_1.3.9-2.1+deb8u3_source.buildinfo
Files:
 f09da7fe1eb97c815ab4a32afb97451a 1930 libs optional polarssl_1.3.9-2.1+deb8u3.dsc
 d574a3dd1ec0a191bf9b7616c2357e8e 15496 libs optional polarssl_1.3.9-2.1+deb8u3.debian.tar.xz
 d38d0079688b6f0b62c26914e4c129ce 5747 libs optional polarssl_1.3.9-2.1+deb8u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqyKHcUHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe8RRQ/8DKBLtY2v7jzmoTyxKS1XzyoqbOtl
eu5ZiA54eEWWQY5DfkqJJipWOOMtek3taMnZ+qGM7KWlbfyj9QjusxkhDlVOrNxk
uI33x6q26PAlahR29vTS3EFNpN5RRS1y6jsqb98R2Jf3x3KBYpqVZFu/BC2gRWW/
vhp1qZn8qSSy4XA1dlEp1XDiLFEhLFuUyqmg0gZyTRa5jPXCRHH/swKBR5jbibWg
S0cMSyNk3mK97w3dOzgkDFozWTmFbL/zGv76qzA5d38Z+SHo2fp8darNsV0Q1F3o
yBtY6q+MT85bugvh427sZAE4LpCNbiItLXzJ7aohPa88COIETa66WZdJ/R5vb+Yj
Pa5KrfmoE+0k0g5WdGMwwOoi0DoFHHtdb2twNKll5jcFSkiXdoLoYATcW7z83g4K
f9P+aq5Q27eQDB8LUI/vZYXbj9pS/WU0o9f881OiTV5MqE3pNU4xTS/rGLSJnh5Y
87Fx+eG41W+TIFmCw8T4sZUIUymaFq326CQVkcWgLJGit39pz+2zyvao31DU0Ylk
/fOrnswPfOoAuI5CJNAojk3LaOZH3ATJSl2LMgeFN5kesuvS49huwJW5vGYD0bwk
G4pMOVsYlOyZ4JM+p1NRhmybdrRM5+i2Kc1xTvnn8eJyyPL4fGO46zHuYRe4Y6y/
GhwoY8NEDFTvNIQ=
=JiJF
-----END PGP SIGNATURE-----
News for package polarssl
