-
wolfssl (4.1.0+dfsg-2) unstable; urgency=medium
* Cherry-pick commit c6e4aebc from upstream. Fixes CVE-2019-15651.
"One-byte heap-based buffer over-read in DecodeCertExtensions".
-- Felix Lechner <email address hidden> Wed, 18 Sep 2019 17:28:15 -0700
-
wolfssl (4.1.0+dfsg-1ubuntu1) devel; urgency=medium
* SECURITY UPDATE: wolfSSL 4.1.0 has a one-byte heap-based buffer over-read
- d/p/CVE-2019-15651.patch: Cherry-pick upstream commits fixing the issue.
- CVE-2019-15651
-- Unit 193 <email address hidden> Fri, 13 Sep 2019 19:00:12 -0400
-
wolfssl (4.1.0+dfsg-1) unstable; urgency=medium
* In 'telegram-cli', wolfSSL may have found its first user in Debian
* Thank you to Liu Ying-Chun <email address hidden> for helping with packaging
* New upstream release
- Fixes CVE-2019-11873
"Buffer Overflow in DoPreSharedKeys in tls13.c"
(Closes: #929468)
- Fixed CVE-2018-16870 in 3.15.7
"Bleichenbacher downgrade attack TLS"
(Closes: #918952)
* Bumped library major number to 19
* Updated shared object symbols
* Updated Debian patches
* Bumped Standards-Version to 4.4.0
* Bumped debhelper compat to 12, via debhelper-compat (= 12) in d/control
* Excluded resource.h and generated html in d/copyright
* Updated some end dates in d/copyright
-- Felix Lechner <email address hidden> Wed, 11 Sep 2019 15:08:30 -0700
-
wolfssl (3.15.3+dfsg-2) unstable; urgency=medium
* Ship wolfssl/control.h (Closes: #904711)
* Enabled TLS 1.3 (Closes: #904710)
-- Felix Lechner <email address hidden> Fri, 03 Aug 2018 20:32:42 -0700