[Secure-testing-team] Bug#801413: polarssl: CVE-2015-5291: Remote attack on clients using session tickets or SNI
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 9 20:02:21 UTC 2015
Source: polarssl
Version: 1.2.8-2
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for polarssl.
CVE-2015-5291[0]:
Remote attack on clients using session tickets or SNI
It has been fixed in PolarSSL 1.2.17 branch, then the rebranded mbed
TLS 1.3.14 (and mbed TLS 2.1.2).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5291
[1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
Regards,
Salvatore
More information about the Secure-testing-team
mailing list