oss-sec mailing list archives
Re: CVE Request: polarssl
From: cve-assign () mitre org
Date: Thu, 6 Nov 2014 06:39:44 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available.
Use CVE-2014-8627.
two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release.
Use CVE-2014-8628. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUW12QAAoJEKllVAevmvmsyoEIALzE4hgA/mL0iKq08PbTAby1 Y0Jl//Dv3Zs7YnaTBtK9STSWg1Rh7dpKYN0+mJCMvhboQGgUSdE/XdQt2aHHg1oi MVJ7YFGsawZ6MjhsMbHTqcbyHH/ESVp7i4O2nBejVVRdYurocEaKS8BpVIFj1r3h ayDSAlDux4B1H3jWpuIYwv9zcb1HfscnhTNC/vjcJLFzrQCdA+eQhV221tCnS5Jt 8goNPdUCMDQ1+pbTZDenoWutVLZq3hqXKkNaGJqUiitCXdnQxq/kmYfNeLBCJ6r7 ezZLL+Fcjm2pP+z9NeqHj/JmA6//Vz/fpHVZzZSWUrfJvydXgMHnlMJQKz+8xBc= =sZJ1 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: polarssl Marcus Meissner (Nov 03)
- Re: CVE Request: polarssl cve-assign (Nov 06)