Debian Package Tracker

From: James Cowgill <jcowgill@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted mbedtls 2.4.2-1+deb9u3 (source) into proposed-updates->stable-new, proposed-updates
Date: Tue, 02 Oct 2018 06:06:01 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Sep 2018 17:02:04 +0100
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: source
Version: 2.4.2-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library
 libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
 libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
 libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
 libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 904821
Changes:
 mbedtls (2.4.2-1+deb9u3) stretch-security; urgency=high
 .
   * Fix CVE-2018-0497:
     Remote plaintext recovery on use of CBC based ciphersuites through a
     timing side-channel. (Closes: #904821)
   * Fix CVE-2018-0498:
     Plaintext recovery on use of CBC based ciphersuites through a cache
     based side-channel.
Checksums-Sha1:
 d0705399d14dbdbf1488afa9c84789004106a7c5 2248 mbedtls_2.4.2-1+deb9u3.dsc
 411df5eb37ccf2bcfe2b1307aa230db268ab7672 22532 mbedtls_2.4.2-1+deb9u3.debian.tar.xz
 946db2dec95beb9a18cf636e2691230e13f0e3ca 6445 mbedtls_2.4.2-1+deb9u3_source.buildinfo
Checksums-Sha256:
 f4ae68e62a946e1109ef1cf1053a3407e4287bf911ae80911eb1edc03de69f17 2248 mbedtls_2.4.2-1+deb9u3.dsc
 3fb2f86d4105acf75426b1ef42372e3b3018245ac32707be160b9c482857c646 22532 mbedtls_2.4.2-1+deb9u3.debian.tar.xz
 2b094de754cfc61d859e6a054027514c442136103fd8fba5b6a3926aa7176d1e 6445 mbedtls_2.4.2-1+deb9u3_source.buildinfo
Files:
 00f721aa1184ae9d5a2e01236baaa8f9 2248 libs optional mbedtls_2.4.2-1+deb9u3.dsc
 b396c58921b5459ac77710feb62e2fcc 22532 libs optional mbedtls_2.4.2-1+deb9u3.debian.tar.xz
 b821ebf69287ab9bcc43c514b694f886 6445 libs optional mbedtls_2.4.2-1+deb9u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlua254UHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe9T7g/6A7HE/0KbDMiZWni2MFw0eWuygp95
IiH/+CW0RbZ7iqNCcxTosevx6DpKDt5A6Rbp1FY6mfG/C8WsQ2i6fjSNMRkBIv7G
yVsEowXyQGQrLygs6bqPQbewW731oiFrLgLd7a6fSzX1npnzwUPo29D9Ok95yC5R
zBdRr9JOxgw3QST5brCQragfvVm5Ve2B9/v6o9678AlyaIBa6U2+1/X8IRiVxAJL
A5/YwhAA7x8HE7FHPO0dp929+Xjd5okg5LuoshGLXkqUqIMGm6VRjoefESz6sbhX
aKhVwYmwJdtHSYvyQQN4TstPI0JZW4CN3ocWn9GjrXtHlPsFqFN59fk6ipKlTrpA
giIS3AJVk4j5Ng7fL8jCNyjzm69oL/Rwzkp2Smy6oojp0BFgIUQC2woa0pPgGJ+d
XS07AE62XmrFemTUGBzSLOa9eWXJ4Fv2LzjdSr63Zv8cAhWrHWevLhuTi8ihRRg6
PZ5CK45VSMXh31N0vr5msesf/Ix8TJOFZGZVF4NDtCS1NEM8wvw+2OR1pZKzcqcR
Jw2kRQTrCkrO3/qfEntWp5llAIsWr1eyq2WhgRYNvtZZN8DxmhK2GGhmwpmv52iU
9jE7TlB1+oe2xg/HJLfgvXzlmH4VWUd9obUdGtTYsyCsj2GG0vURwUssfaUCVwQ/
q2+khpSrsWgyta0=
=X8wR
-----END PGP SIGNATURE-----
News for package mbedtls
