Hi,

On 05/09/17 05:46, Salvatore Bonaccorso wrote:
> Hi James
>
> Apologies for the delay!
>
> On Fri, Sep 01, 2017 at 11:03:45AM +0100, James Cowgill wrote:
>> Hi,
>>
>> On 30/08/17 20:48, Salvatore Bonaccorso wrote:
>>> Control: retitle mbedtls: CVE-2017-14032: authentication bypass
>>>
>>> Hi
>>>
>>> On Tue, Aug 29, 2017 at 12:09:30AM +0100, James Cowgill wrote:
>>>> Source: mbedtls
>>>> Version: 2.1.2-1
>>>> Severity: grave
>>>> Tags: security
>>>>
>>>> Hi,
>>>>
>>>> The following security advisory was published for mbedtls:
>>>> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
>>>
>>> MITRE has assigned CVE-2017-14032 for this issue.
>>
>> Does the attached patch look OK for stretch? I did a bit of testing with
>> it and it seems to fix the issue for me.
>
> Thank you. Looks good to me (although without tests). If you are
> confident enough with the results of your testing, please go ahead
> with the upload to security-master. Keep in mind that you need to
> build with -sa to include the orig tarball, since it's new to dak on
> security-master.

Thanks! Uploaded. Upstream does have some tests for this, although
unfortunately it's accompanied by about 200K of test data.

James