Hi James Apologies for the delay!
On Fri, Sep 01, 2017 at 11:03:45AM +0100, James Cowgill wrote: > Hi, > > On 30/08/17 20:48, Salvatore Bonaccorso wrote: > > Control: retitle mbedtls: CVE-2017-14032: authentication bypass > > > > Hi > > > > On Tue, Aug 29, 2017 at 12:09:30AM +0100, James Cowgill wrote: > >> Source: mbedtls > >> Version: 2.1.2-1 > >> Severity: grave > >> Tags: security > >> > >> Hi, > >> > >> The following security advisory was published for mbedtls: > >> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02 > > > > MITRE has assigned CVE-2017-14032 for this issue. > > Does the attached patch look OK for stretch? I did a bit of testing with > it and it seems to fix the issue for me. Thank you. Looks good to me (although without tests). If your are confident enough with the results of your testing, please go ahead with the upload to security-master. Keep in mind that you need to build with -sa to include the orig tarball, since it's new to dak on security-master. Regards, Salvatore
signature.asc
Description: PGP signature