[Secure-testing-commits] r55262 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Aug 30 19:52:19 UTC 2017
Author: carnil
Date: 2017-08-30 19:52:19 +0000 (Wed, 30 Aug 2017)
New Revision: 55262
Modified:
data/CVE/list
Log:
Add CVE-2017-14032/mbedtls issue, #873557
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-30 19:38:36 UTC (rev 55261)
+++ data/CVE/list 2017-08-30 19:52:19 UTC (rev 55262)
@@ -1,3 +1,12 @@
+CVE-2017-14032 [authentication bypass]
+ - mbedtls 2.6.0-1 (bug #873557)
+ - polarssl <removed>
+ [jessie] - polarssl <not-affected> (Vulnerable code not present)
+ [wheezy] - polarssl <not-affected> (Vulnerable code not present)
+ NOTE: Affected versions: all from version 1.3.10 up and including 2.1 and later releases
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
CVE-2017-13779
RESERVED
CVE-2017-13778
More information about the Secure-testing-commits
mailing list