CVE-2013-5915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5915): The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
Version Prior to PolarSSL 1.2.9 and 1.3.0 are affected. PolarSSL recommends upgrade to 1.3.0 (In URL)"We strongly advise you to consider upgrading to the 1.3 branch if outside parties are present or can connect to your network."
polarssl-1.3.0 added
Thomas are you ready to stabilize 1.3.0?
arches, please stabilize: =net-libs/polarssl-1.3.0 target keywords="amd64 arm hppa ppc ppc64 ~s390 sparc x86 ~amd64-fbsd ~x86-fbsd"
amd64 stable
arm stable
ppc64 stable
sparc stable
x86 stable
Stable for HPPA.
Added to existing GLSA draft, should be ready to send after this bug is [glsa].
ppc stable
old version removed
This issue was resolved and addressed in GLSA 201310-10 at http://security.gentoo.org/glsa/glsa-201310-10.xml by GLSA coordinator Sergey Popov (pinkbyte).
you broke a stable reverse dep (media-sound/umurmur) and did not notify me about this do people still not test reverse deps of libraries? Sure this is a security bug. But there would have been a solution, like masking "polarssl" useflag in media-sound/umurmur.