oss-sec mailing list archives
CVE Request: polarssl
From: Marcus Meissner <meissner () suse de>
Date: Tue, 4 Nov 2014 08:06:10 +0100
Hi, https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released and https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released have some security issues worth CVEs. "On the security front this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available. In addition two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release." Ciao, Marcus
Current thread:
- CVE Request: polarssl Marcus Meissner (Nov 03)
- Re: CVE Request: polarssl cve-assign (Nov 06)