Date: Tue, 4 Nov 2014 08:06:10 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: polarssl Hi, https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released and https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released have some security issues worth CVEs. "On the security front this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available. In addition two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release." Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ