From ${URL} : MATRIXSSL 3.7.1 Releases Security Fixes X.509 and ASN.1 Parsing Improvements - A security audit revealed a handful of parsing issues related to boundary testing which could result in reading beyond a memory buffer. These have been fixed, and the getAsnLength() internal API also does a double check against the remaining buffer length in all cases. Constant-Time Memory Compare - Calls to memcmp() have been replaced with a memcmpct() implementation to reduce the effectiveness of future timing based attacks. @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
15 months and this package has still not been bumped. Additional security vulnerabilities have been released since the current tree (3.6.1) version. Package will be PMASKED and last-rited. # Aaron Bauman <bman@gentoo.org> (19 Mar 2016) # Multiple unpatched security vulnerabilities # per bug #523040. Masked for removal in 30 days. dev-libs/matrixssl
package tree cleaned.