From $URL: ARM mbed TLS before 1.3.21, 2.1.x before 2.1.9 and 2.x before 2.6.0, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. Reference: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
2.6.0 is in the tree and ready for stabilization KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
ia64 stable
Stable on alpha.
amd64/x86 stable
arm stable
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
stanle for hppa/sparc (thanks to Rolf Eike Beer)
ppc and ppc64 stable
@Security please vote @Maintainer please proceed to clean the tree. Gentoo Security Padawan ChrisADR
(In reply to Christopher Díaz from comment #9) > @Maintainer please proceed to clean the tree. done.
GLSA Vote: No