Format: 1.8
Date: Mon, 05 Mar 2018 18:24:47 +0000
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: i386
Version: 2.4.2-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: James Cowgill
Description:
 libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library
 libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
 libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
 libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
 libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 890287 890288
Changes:
 mbedtls (2.4.2-1+deb9u2) stretch-security; urgency=high
 .
   * Fix CVE-2017-18187: Unsafe bounds check in ssl_parse_client_psk_identity().
   * Fix CVE-2018-0487: Buffer overflow when verifying RSASSA-PSS signatures.
     (Closes: #890288)
   * Fix CVE-2018-0488: Buffer overflow when truncated HMAC is enabled.
     (Closes: #890287)