Change logs for polarssl source package in Jessie
-
polarssl (1.3.9-2.1+deb8u3) jessie-security; urgency=medium * Fix CVE-2017-18187: Unsafe bounds check in ssl_parse_client_psk_identity(). * Fix CVE-2018-0487: Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288) * Fix CVE-2018-0488: Buffer overflow when truncated HMAC is enabled. (Closes: #890287) -- James Cowgill <email address hidden> Tue, 20 Mar 2018 17:59:03 +0000
-
polarssl (1.3.9-2.1+deb8u2) jessie; urgency=high * Fix CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve. (Closes: #857561) -- James Cowgill <email address hidden> Tue, 09 May 2017 09:42:21 +0100
-
polarssl (1.3.9-2.1+deb8u1) jessie-security; urgency=high * Non-maintainer upload. * Backport patches for CVE-2015-5291 and CVE-2015-8036 (Closes: #801413) * Add simple smoke test -- Guido Günther <email address hidden> Fri, 05 Feb 2016 13:41:23 +0100
-
polarssl (1.3.9-2.1) unstable; urgency=high * Non-maintainer upload. * Add CVE-2015-1182.patch patch. CVE-2015-1182: Denial of service and possible remote code execution using crafted certificates. (Closes: #775776) -- Salvatore Bonaccorso <email address hidden> Wed, 21 Jan 2015 22:09:05 +0100
-
polarssl (1.3.9-2) unstable; urgency=medium * Disabled POLARSSL_SSL_PROTO_SSL3 at compile time to prevent potential attacks, TLS considered standard for clients now, and consistency w/ OpenSSL in Debian -- Roland Stigge <email address hidden> Fri, 07 Nov 2014 10:28:34 +0100
-
polarssl (1.3.8-1) unstable; urgency=medium * New upstream release * debian/control: Adjust package description, thanks to Paul Bakker (upstream) * Removed CVE-2014-4911.patch (integrated upstream) -- Roland Stigge <email address hidden> Sun, 31 Aug 2014 14:13:55 +0200
-
polarssl (1.3.7-2.1) unstable; urgency=high * Non-maintainer upload with maintainers approval. * Add CVE-2014-4911.patch patch. CVE-2014-4911: Fix Denial of Service against GCM enabled servers (and clients). (Closes: #754655) -- Salvatore Bonaccorso <email address hidden> Tue, 15 Jul 2014 21:39:13 +0200
-
polarssl (1.3.7-2) unstable; urgency=medium * Enabled POLARSSL_THREADING_C and POLARSSL_THREADING_PTHREAD in config, recommended for Debian by upstream -- Roland Stigge <email address hidden> Mon, 05 May 2014 21:35:56 +0200
-
polarssl (1.3.4-1) unstable; urgency=medium * New upstream release -- Roland Stigge <email address hidden> Sun, 02 Feb 2014 11:42:57 +0100
-
polarssl (1.3.3-1) unstable; urgency=medium * New upstream release * debian/control: Standards-Version: 3.9.5 -- Roland Stigge <email address hidden> Wed, 01 Jan 2014 19:07:10 +0100
-
polarssl (1.3.1-2) unstable; urgency=low * Fixed FTBFS on big endian arches via upstream patch (Closes: #727116) -- Roland Stigge <email address hidden> Tue, 22 Oct 2013 16:56:09 +0200
-
polarssl (1.2.8-2) unstable; urgency=low * Activate HAVEGE config option manually, needed since 1.2.8 -- Roland Stigge <email address hidden> Sun, 23 Jun 2013 11:11:31 +0200
-
polarssl (1.1.4-2) unstable; urgency=high * Security fix for CVE-2013-0169: Lucky 13 TLS protocol timing flaw including CVE-2013-1621 and CVE-2013-1622, backported from upstream diff from 1.2.4 to 1.2.5. (Closes: #699887) -- Roland Stigge <email address hidden> Thu, 07 Feb 2013 22:08:26 +0100