Source: mbedtls Version: 2.16.11-0.3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for mbedtls. CVE-2021-44732[0]: | Mbed TLS before 3.0.1 has a double free in certain out-of-memory | conditions, as demonstrated by an mbedtls_ssl_set_session() failure. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-44732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732 [1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
