Summary: | <net-libs/mbedtls-2.2.1: Double free and MD5 signature issue (SLOTH) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | blueness, hasufell, slawomir.nizio, tommy
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=537108 https://bugs.gentoo.org/show_bug.cgi?id=620504 | |
Whiteboard: | B3 [glsa cve] | |
Package list: | | Runtime testing required: | ---
Description
Hanno Böck
2016-01-06 18:54:40 UTC
All <net-libs/mbedtls-2.2.1 ebuilds are off the tree. However, all the polarssl ebuilds are vulnerable. We should mask polarssl for removal.

@tommy, do you want to take care of polarssl, since it's your package?

The remaining packages depending on polarssl have open bugs assigned; bug 618354 tracks them.

I split out net-libs/polarssl into bug 620504.

SLOTH issue is CVE-2015-7575.

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 201706-18 at https://security.gentoo.org/glsa/201706-18 by GLSA coordinator Kristian Fiskerstrand (K_F).