Upstream has issued an advisory on June 28: https://tls.mbed.org/tech-updates/releases/mbedtls-2.3.0-2.1.5-and-1.3.17-released Updates checked into Mageia 5 and Cauldron SVN. Freeze push requested.
Whiteboard: (none) => MGA5TOO
Updated packages uploaded for Mageia 5 and Cauldron. You can use hiawatha, linphone, or pdns to test this. Advisory: ======================== Updated mbedtls packages fix security vulnerabilities: The mbedtls package has been updated to version 1.3.17, which fixes a few minor security issues in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() and mbedtls_rsa_rsaes_oaep_encrypt() and fixes a handful of other bugs as well. See the upstream release announcement for details. References: https://tls.mbed.org/tech-updates/releases/mbedtls-2.3.0-2.1.5-and-1.3.17-released ======================== Updated packages in core/updates_testing: ======================== mbedtls-1.3.17-1.mga5 libmbedtls9-1.3.17-1.mga5 libmbedtls-devel-1.3.17-1.mga5 from mbedtls-1.3.17-1.mga5.src.rpm
Version: Cauldron => 5Assignee: bugsquad => qa-bugsWhiteboard: MGA5TOO => (none)
Testing complete mga5 64 # mbedtls-selftest MD5 test #1: passed MD5 test #2: passed MD5 test #3: passed MD5 test #4: passed ...etc TIMING test #2 (set_alarm / get_timer): passed TIMING test #3 (hardclock / get_timer): passed TIMING test #4 (net_usleep/ get_timer): passed [ All tests passed ]
Whiteboard: (none) => has_procedure mga5-64-ok
Validating
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0249.html
Status: NEW => RESOLVEDResolution: (none) => FIXED