Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#43508 - [polarssl] Remote attack using crafted certificates CVE-2015-1182
Attached to Project:
Community Packages
Opened by Remi Gacogne (rgacogne) - Monday, 19 January 2015, 15:12 GMT
Last edited by Kyle Keen (keenerd) - Tuesday, 20 January 2015, 12:06 GMT
Opened by Remi Gacogne (rgacogne) - Monday, 19 January 2015, 15:12 GMT
Last edited by Kyle Keen (keenerd) - Tuesday, 20 January 2015, 12:06 GMT
|
DetailsA critical vulnerability has been reported [1] in polarssl >= 1.0, possibly leading to remote code execution. As there has not been an updated release yet (AFAIK), I believe we should backport the one-line fix mentioned in the advisory as soon as possible.
[1] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 |
This task depends upon
Closed by Kyle Keen (keenerd)
Tuesday, 20 January 2015, 12:06 GMT
Reason for closing: Fixed
Additional comments about closing: polarssl-1.3.9-2
Tuesday, 20 January 2015, 12:06 GMT
Reason for closing: Fixed
Additional comments about closing: polarssl-1.3.9-2
cheers
Levente