Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu,  6 Nov 2014 06:39:44 -0500 (EST)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: polarssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released

> this release fixes a mistake in the negotiation introduced in PolarSSL
> 1.3.8. The mistake resulted in servers negotiating a weaker signature
> algorithm than available.

Use CVE-2014-8627.


> two remotely-triggerable memory leaks were found by the Codenomicon
> Defensics tool and fixed in this release.

Use CVE-2014-8628.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUW12QAAoJEKllVAevmvmsyoEIALzE4hgA/mL0iKq08PbTAby1
Y0Jl//Dv3Zs7YnaTBtK9STSWg1Rh7dpKYN0+mJCMvhboQGgUSdE/XdQt2aHHg1oi
MVJ7YFGsawZ6MjhsMbHTqcbyHH/ESVp7i4O2nBejVVRdYurocEaKS8BpVIFj1r3h
ayDSAlDux4B1H3jWpuIYwv9zcb1HfscnhTNC/vjcJLFzrQCdA+eQhV221tCnS5Jt
8goNPdUCMDQ1+pbTZDenoWutVLZq3hqXKkNaGJqUiitCXdnQxq/kmYfNeLBCJ6r7
ezZLL+Fcjm2pP+z9NeqHj/JmA6//Vz/fpHVZzZSWUrfJvydXgMHnlMJQKz+8xBc=
=sZJ1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ