Format: 1.8
Date: Tue, 25 Sep 2018 12:32:28 +0200
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7
Architecture: source amd64
Version: 1.3.9-2.1+deb8u4
Distribution: jessie-security
Urgency: medium
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 libpolarssl-dev - lightweight crypto and SSL/TLS library
 libpolarssl-runtime - lightweight crypto and SSL/TLS library
 libpolarssl7 - lightweight crypto and SSL/TLS library
Changes:
 polarssl (1.3.9-2.1+deb8u4) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-0497: Protection against Lucky13 attack when using HMAC-SHA-384.
     Fixes regression introduced in 1.2.5-1 (CVE-2013-0169).
   * CVE-2018-0498 (three patches): Fix Lucky 13 cache attack on MD/SHA
     padding.
   * CVE-2018-9988 (two patches): Prevent arithmetic overflow on bounds
     check and add bound check before signature length read in
     ssl_parse_server_key_exchange().
   * CVE-2018-9989 (two patches): Prevent arithmetic overflow on bounds
     check and add bound check before length read in
     ssl_parse_server_psk_hint().