Source: mbedtls Version: 2.13.0-3 Severity: grave Tags: security upstream Hi,
The following vulnerability was published for mbedtls. CVE-2018-19608[0]: | Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a | local unprivileged attacker to recover the plaintext of RSA | decryption, which is used in RSA-without-(EC)DH(E) cipher suites. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-19608 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608 [1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03 [2] https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released Please adjust the affected versions in the BTS as needed. Regards, Salvatore