Change logs for polarssl source package in Jessie

  • polarssl (1.3.9-2.1+deb8u3) jessie-security; urgency=medium
    
      * Fix CVE-2017-18187:
        Unsafe bounds check in ssl_parse_client_psk_identity().
      * Fix CVE-2018-0487:
        Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
      * Fix CVE-2018-0488:
        Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
    
     -- James Cowgill <email address hidden>  Tue, 20 Mar 2018 17:59:03 +0000
  • polarssl (1.3.9-2.1+deb8u2) jessie; urgency=high
    
      * Fix CVE-2017-2784: Freeing of memory allocated on stack when
        validating a public key with a secp224k1 curve. (Closes: #857561)
    
     -- James Cowgill <email address hidden>  Tue, 09 May 2017 09:42:21 +0100
  • polarssl (1.3.9-2.1+deb8u1) jessie-security; urgency=high
    
      * Non-maintainer upload.
      * Backport patches for CVE-2015-5291 and CVE-2015-8036
        (Closes: #801413)
      * Add simple smoke test
    
     -- Guido Günther <email address hidden>  Fri, 05 Feb 2016 13:41:23 +0100
  • polarssl (1.3.9-2.1) unstable; urgency=high
    
    
      * Non-maintainer upload.
      * Add CVE-2015-1182.patch patch.
        CVE-2015-1182: Denial of service and possible remote code execution
        using crafted certificates. (Closes: #775776)
    
     -- Salvatore Bonaccorso <email address hidden>  Wed, 21 Jan 2015 22:09:05 +0100
  • polarssl (1.3.9-2) unstable; urgency=medium
    
    
      * Disabled POLARSSL_SSL_PROTO_SSL3 at compile time to prevent potential
        attacks, TLS considered standard for clients now, and consistency w/
        OpenSSL in Debian
    
     -- Roland Stigge <email address hidden>  Fri, 07 Nov 2014 10:28:34 +0100
  • polarssl (1.3.8-1) unstable; urgency=medium
    
    
      * New upstream release
      * debian/control: Adjust package description, thanks to Paul Bakker
        (upstream)
      * Removed CVE-2014-4911.patch (integrated upstream)
    
     -- Roland Stigge <email address hidden>  Sun, 31 Aug 2014 14:13:55 +0200
  • polarssl (1.3.7-2.1) unstable; urgency=high
    
    
      * Non-maintainer upload with maintainer's approval.
      * Add CVE-2014-4911.patch patch.
        CVE-2014-4911: Fix Denial of Service against GCM enabled servers (and
        clients). (Closes: #754655)
    
     -- Salvatore Bonaccorso <email address hidden>  Tue, 15 Jul 2014 21:39:13 +0200
  • polarssl (1.3.7-2) unstable; urgency=medium
    
    
      * Enabled POLARSSL_THREADING_C and POLARSSL_THREADING_PTHREAD in config,
        recommended for Debian by upstream
    
     -- Roland Stigge <email address hidden>  Mon, 05 May 2014 21:35:56 +0200
  • polarssl (1.3.4-1) unstable; urgency=medium
    
    
      * New upstream release
    
     -- Roland Stigge <email address hidden>  Sun, 02 Feb 2014 11:42:57 +0100
  • polarssl (1.3.3-1) unstable; urgency=medium
    
    
      * New upstream release
      * debian/control: Standards-Version: 3.9.5
    
     -- Roland Stigge <email address hidden>  Wed, 01 Jan 2014 19:07:10 +0100
  • polarssl (1.3.1-2) unstable; urgency=low
    
    
      * Fixed FTBFS on big endian arches via upstream patch (Closes: #727116)
    
     -- Roland Stigge <email address hidden>  Tue, 22 Oct 2013 16:56:09 +0200
  • polarssl (1.2.8-2) unstable; urgency=low
    
    
      * Activate HAVEGE config option manually, needed since 1.2.8
    
     -- Roland Stigge <email address hidden>  Sun, 23 Jun 2013 11:11:31 +0200
  • polarssl (1.1.4-2) unstable; urgency=high
    
    
      * Security fix for CVE-2013-0169: Lucky 13 TLS protocol timing flaw
        including CVE-2013-1621 and CVE-2013-1622, backported from upstream
        diff from 1.2.4 to 1.2.5. (Closes: #699887)
    
     -- Roland Stigge <email address hidden>  Thu, 07 Feb 2013 22:08:26 +0100