Source: polarssl Version: 1.2.8-2 Severity: grave Tags: security upstream fixed-upstream
Hi, the following vulnerability was published for polarssl. CVE-2015-5291[0]: Remote attack on clients using session tickets or SNI It has been fixed in PolarSSL 1.2.17 branch, then the rebranded mbed TLS 1.3.14 (and mbed TLS 2.1.2). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5291 [1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 Regards, Salvatore
