-
mbedtls (2.3.0-1ubuntu0.1) yakkety-security; urgency=medium
* SECURITY UPDATE: Freeing of memory allocated on stack when validating
a public key with a secp224k1 curve. (LP: #1672686)
- debian/patches/CVE-2017-2784.patch: fix buffer size calculations in
library/ecp_curves.c.
- CVE-2017-2784
-- James Cowgill <email address hidden> Fri, 17 Mar 2017 09:43:46 +0000
-
mbedtls (2.3.0-1) unstable; urgency=medium
* New upstream version.
* debian/copyright:
- Update dates and my email address.
* debian/patches:
- Refresh 01_config.patch.
- Drop 02_x32.patch -- applied upstream.
- Add 02_ssl_time_t.patch. Fixes compile error when including
mbedtls/ssl.h.
-- James Cowgill <email address hidden> Tue, 28 Jun 2016 18:11:54 +0100
-
mbedtls (2.2.1-3) unstable; urgency=medium
* debian/control:
- Use my debian.org email address.
- Bump standards to 3.9.8 (no changes).
* debian/patches:
- Add 02_x32.patch to fix FTBFS on x32.
* debian/rules:
- Enable all hardening options.
-- James Cowgill <email address hidden> Wed, 18 May 2016 17:21:39 +0100
-
mbedtls (2.2.1-2) unstable; urgency=medium
* debian/control:
- Use secure Vcs-Git URL.
* debian/libmbedcrypto0.lintian-override:
- Drop now that lintian itself has been fixed.
* debian/rules:
- Don't build arch:any packages in arch:all build.
* debian/*.symbols:
- Drop unnecessary patch level from symbol file versions.
* debian/tests:
- Add an autopkgtest which compiles and runs the selftest program.
-- James Cowgill <email address hidden> Sat, 16 Jan 2016 00:12:49 +0000
