ARM mbed TLS before 1.3.21, 2.1.x before 2.1.9 and 2.x before 2.6.0, if optional
authentication is configured, allows remote attackers to bypass peer
authentication via an X.509 certificate chain with many intermediates.
NOTE: although mbed TLS was formerly known as PolarSSL, the releases
shipped with the PolarSSL name are not affected.
2.6.0 is in the tree and ready for stabilization
KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Stable on alpha.
sparc was dropped to exp.
stanle for hppa/sparc (thanks to Rolf Eike Beer)
ppc and ppc64 stable
@Security please vote
@Maintainer please proceed to clean the tree.
Gentoo Security Padawan
(In reply to Christopher Díaz from comment #9)
> @Maintainer please proceed to clean the tree.
GLSA Vote: No