I will bump soon.
+*polarssl-1.3.8 (11 Jul 2014) + + 11 Jul 2014; Julian Ospald <hasufell@gentoo.org> +polarssl-1.3.8.ebuild, + +files/polarssl-1.3.8-ssl_pthread_server.patch: + version bump
Maintainers, please advise when ebuilds have had enough testing, and are ready for stabilization.
(In reply to Yury German from comment #2) > Maintainers, please advise when ebuilds have had enough testing, and are > ready for stabilization. now.
Arches, please test and mark stable: =net-libs/polarssl-1.3.8 Target Keywords : "amd64 arm hppa ppc ppc64 spark x86" Thank you!
Stable for HPPA.
arm stable
CVE-2014-4911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4911): The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
x86 stable
amd64 stable
sparc stable
ppc stable
ppc64 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: no,
+ 09 Aug 2014; Julian Ospald <hasufell@gentoo.org> -polarssl-1.3.4.ebuild, + -polarssl-1.3.5.ebuild, -polarssl-1.3.6.ebuild, -polarssl-1.3.7.ebuild, + -polarssl-1.3.7-r1.ebuild, -files/polarssl-1.3.4-cflags.patch, + -files/polarssl-1.3.4-out-of-source.patch, + -files/polarssl-1.3.4-static.patch, -files/polarssl-1.3.4-zlib.patch: + cleanup vulnerable versions wrt #516904
GLSA Vote: No No GLSA - Closing Bug as Resolved