Bug#856114: wolfssl: CVE-2017-6076

2017-03-03 Thread Clint Byrum
I'm conferencing today and then vacationing Monday, but I should be able to get to it Tuesday.

Excerpts from Salvatore Bonaccorso's message of 2017-03-03 21:30:02 +0100:
> Hi,
>
> On Mon, Feb 27, 2017 at 05:42:33PM -0800, Felix Lechner wrote:
> > Hi Salvatore,
> >
> > A version fixing the vulner

Bug#856114: wolfssl: CVE-2017-6076

2017-03-03 Thread Salvatore Bonaccorso
Hi,

On Mon, Feb 27, 2017 at 05:42:33PM -0800, Felix Lechner wrote:
> Hi Salvatore,
>
> A version fixing the vulnerability is available on Mentors. Please feel free to upload it.
>
> With a new soname version, this upload will go through NEW. Also I

Bug#856114: wolfssl: CVE-2017-6076

2017-02-27 Thread Felix Lechner
Hi Salvatore, A version fixing the vulnerability is available on Mentors. Please feel free to upload it. With a new soname version, this upload will go through NEW. Also I am not sure the library will make it into stretch. Currently, no packages depend

Bug#856114: wolfssl: CVE-2017-6076

2017-02-27 Thread Salvatore Bonaccorso
Hi Felix,

Sorry for the late reply!

On Sat, Feb 25, 2017 at 08:10:22AM -0800, Felix Lechner wrote:
> Hi Salvatore,
>
> Thank you for your email. I would like to package the new version but
> 3.10.2 was not signed on GitHub. (Upstream recently added those signatures
> for us.) The more recent rel

Bug#856114: wolfssl: CVE-2017-6076

2017-02-25 Thread Felix Lechner
Hi Salvatore, Thank you for your email. I would like to package the new version but 3.10.2 was not signed on GitHub. (Upstream recently added those signatures for us.) The more recent release actually fixes two additional vulnerabilities, with one being more serious. Details are in [0] and replica

Bug#856114: wolfssl: CVE-2017-6076

2017-02-25 Thread Salvatore Bonaccorso
Source: wolfssl
Version: 3.9.10+dfsg-1
Severity: grave
Tags: upstream security patch fixed-upstream

Hi,

the following vulnerability was published for wolfssl.

CVE-2017-6076[0]:
| In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes
| it easier to extract RSA key information for a