Control: tags -1 + pending On Tue, 2017-05-09 at 19:35 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2017-05-09 at 11:42 +0100, James Cowgill wrote: > > This polarssl update fixes CVE-2017-2784 (Freeing of memory allocated on > > stack when validating a public key with a secp224k1 curve) which is a > > no-DSA security issue. > > > > I've tested the CVE with the testcase which was added to mbedtls (and it > > passes only after the patch is applied). Unfortunately the test system > > is broken in polarssl (doesn't handle crashes) so adding the test to > > jessie won't have any affect on the builds unless the test system is > > fixed as well. > > Please go ahead.
Uploaded and flagged for acceptance. Regards, Adam