Control: tags -1 + confirmed On Tue, 2017-05-09 at 11:42 +0100, James Cowgill wrote: > This polarssl update fixes CVE-2017-2784 (Freeing of memory allocated on > stack when validating a public key with a secp224k1 curve) which is a > no-DSA security issue. > > I've tested the CVE with the testcase which was added to mbedtls (and it > passes only after the patch is applied). Unfortunately the test system > is broken in polarssl (doesn't handle crashes) so adding the test to > jessie won't have any affect on the builds unless the test system is > fixed as well.
Please go ahead. Regards, Adam