Overview
Request 260041 revoked
- Update to 1.3.9, detailed changes available in ChangeLog file:
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2: fix boo#903672.
* Remotely-triggerable memory leak when parsing some X.509 certificates.
* Remotely-triggerable memory leak when parsing crafted ClientHello.
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x.
* Ciphersuites using RSA-PSK key exchange now require TLS 1.x.
* POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA
keys.
* X.509 certificates with more than one AttributeTypeAndValue per
RelativeDistinguishedName are not accepted any more.
- Build with POLARSSL_THREADING_PTHREAD: fix boo#903671.
Request History
Fisiu created request
- Update to 1.3.9, detailed changes available in ChangeLog file:
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2: fix boo#903672.
* Remotely-triggerable memory leak when parsing some X.509 certificates.
* Remotely-triggerable memory leak when parsing crafted ClientHello.
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x.
* Ciphersuites using RSA-PSK key exchange now require TLS 1.x.
* POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA
keys.
* X.509 certificates with more than one AttributeTypeAndValue per
RelativeDistinguishedName are not accepted any more.
- Build with POLARSSL_THREADING_PTHREAD: fix boo#903671.
msmeissn declined request
cves have just been posted to the bug, can you add them to .changes?
Fisiu revoked request
Please add a comment