oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: polarssl

From: cve-assign () mitre org
Date: Thu, 6 Nov 2014 06:39:44 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released



this release fixes a mistake in the negotiation introduced in PolarSSL
1.3.8. The mistake resulted in servers negotiating a weaker signature
algorithm than available.


Use CVE-2014-8627.



two remotely-triggerable memory leaks were found by the Codenomicon
Defensics tool and fixed in this release.


Use CVE-2014-8628.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUW12QAAoJEKllVAevmvmsyoEIALzE4hgA/mL0iKq08PbTAby1
Y0Jl//Dv3Zs7YnaTBtK9STSWg1Rh7dpKYN0+mJCMvhboQGgUSdE/XdQt2aHHg1oi
MVJ7YFGsawZ6MjhsMbHTqcbyHH/ESVp7i4O2nBejVVRdYurocEaKS8BpVIFj1r3h
ayDSAlDux4B1H3jWpuIYwv9zcb1HfscnhTNC/vjcJLFzrQCdA+eQhV221tCnS5Jt
8goNPdUCMDQ1+pbTZDenoWutVLZq3hqXKkNaGJqUiitCXdnQxq/kmYfNeLBCJ6r7
ezZLL+Fcjm2pP+z9NeqHj/JmA6//Vz/fpHVZzZSWUrfJvydXgMHnlMJQKz+8xBc=
=sZJ1
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: