** Changed in: polarssl (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1672686
Title:
CVE-2017-2784 - Freeing of memory allocated on stack when v
** Changed in: polarssl (Debian)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1672686
Title:
CVE-2017-2784 - Freeing of memory allocated on stack when vali
Since there is nothing left to sponsor, I am unsubscribing ubuntu-
security-sponsors. Please re-subscribe the group when attaching another
debdiff. Thanks!
** Also affects: polarssl (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: mbedtls (Ubuntu Xenial)
Importance:
This bug was fixed in the package mbedtls - 2.2.1-2ubuntu0.1
---
mbedtls (2.2.1-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Freeing of memory allocated on stack when validating
a public key with a secp224k1 curve. (LP: #1672686)
- debian/patches/CVE-2017-2
This bug was fixed in the package mbedtls - 2.3.0-1ubuntu0.1
---
mbedtls (2.3.0-1ubuntu0.1) yakkety-security; urgency=medium
* SECURITY UPDATE: Freeing of memory allocated on stack when validating
a public key with a secp224k1 curve. (LP: #1672686)
- debian/patches/CVE-2017-
** Changed in: polarssl (Ubuntu)
Importance: Undecided => Medium
** Changed in: mbedtls (Ubuntu)
Importance: Undecided => Medium
** Tags added: patch trusty xenial yakkety
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
Added patches for mbedtls.
For testing, I applied the testcase from here:
https://github.com/ARMmbed/mbedtls/commit/28fff141133314308994738fbe4f24f4a1e3c64d
Then tried building the package with and without the CVE fix patch
(making sure it failed before and passed after).
** Changed in: mbedtls
** Patch added: "xenial-CVE-2017-2784.debdiff"
https://bugs.launchpad.net/ubuntu/+source/polarssl/+bug/1672686/+attachment/4839964/+files/xenial-CVE-2017-2784.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.lau
** Patch added: "yakkety-CVE-2017-2784.debdiff"
https://bugs.launchpad.net/ubuntu/+source/polarssl/+bug/1672686/+attachment/4839965/+files/yakkety-CVE-2017-2784.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
** Changed in: polarssl (Debian)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1672686
Title:
CVE-2017-2784 - Freeing of memory allocated on stack when validat
** Summary changed:
- CVE-2017-2748 - Freeing of memory allocated on stack when validating a public
key with a secp224k1 curve
+ CVE-2017-2784 - Freeing of memory allocated on stack when validating a public
key with a secp224k1 curve
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?n
11 matches
Mail list logo
