| Summary: | <net-libs/polarssl-1.3.0: Information disclosure of RSA private keys (CVE-2013-5915) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | amd64, hasufell, tommy, x86 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05 | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 487432 | | |
| Bug Blocks: | | | |

Description
GLSAMaker/CVETool Bot
2013-10-07 00:12:12 UTC
Versions prior to PolarSSL 1.2.9 and 1.3.0 are affected. PolarSSL recommends upgrade to 1.3.0 (In URL): "We strongly advise you to consider upgrading to the 1.3 branch if outside parties are present or can connect to your network."

polarssl-1.3.0 added

Thomas, are you ready to stabilize 1.3.0?

arches, please stabilize: =net-libs/polarssl-1.3.0 target keywords="amd64 arm hppa ppc ppc64 ~s390 sparc x86 ~amd64-fbsd ~x86-fbsd"

amd64 stable

arm stable

ppc64 stable

sparc stable

x86 stable

Stable for HPPA.

Added to existing GLSA draft, should be ready to send after this bug is [glsa].

ppc stable

old version removed

This issue was resolved and addressed in GLSA 201310-10 at http://security.gentoo.org/glsa/glsa-201310-10.xml by GLSA coordinator Sergey Popov (pinkbyte).

you broke a stable reverse dep (media-sound/umurmur) and did not notify me about this

do people still not test reverse deps of libraries?

Sure, this is a security bug. But there would have been a solution, like masking "polarssl" useflag in media-sound/umurmur.