File _patchinfo of Package patchinfo

<patchinfo incident="3178">
  <issue id="903672" tracker="bnc">VUL-0: CVE-2014-8627: polarssl: polarssl 1.3.8 used in a server picks weaker signature algorithm than available</issue>
  <issue id="903671" tracker="bnc">hiawatha fails to start due to missing POLARSSL_THREADING_PTHREAD flag in polarssl</issue>
  <issue id="CVE-2014-8627" tracker="cve" />
  <issue id="CVE-2014-8628" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>Fisiu</packager>
  <description>polarssl was updated to version 1.3.9 to fix two security issues.

These security issues were fixed:
- Lowest common hash was selected from signature_algorithms extension in TLS 1.2 (CVE-2014-8627).
- Remotely-triggerable memory leak when parsing some X.509 certificates (CVE-2014-8628).
</description>
  <summary>Security update for polarssl</summary>
</patchinfo>