Information on source package mbedtls

Available versions

ReleaseVersion
stretch (security)2.4.2-1+deb9u3
buster2.14.1-2
sid2.14.1-2

Open issues

BugstretchbustersidDescription
CVE-2018-9989vulnerable (no DSA)fixedfixedARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...
CVE-2018-9988vulnerable (no DSA)fixedfixedARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...
CVE-2018-19608vulnerablefixedfixedArm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a ...

Open unimportant issues

BugstretchbustersidDescription
CVE-2018-1000520vulnerablevulnerablevulnerableARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows ...
CVE-2018-1000061vulnerablevulnerablevulnerableARM mbedTLS version development branch, 2.7.0 and earlier contains a ...

Resolved issues

BugDescription
CVE-2018-0498ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...
CVE-2018-0497ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...
CVE-2018-0488ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...
CVE-2018-0487ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...
CVE-2017-2784An exploitable free of a stack pointer vulnerability exists in the ...
CVE-2017-18187In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...
CVE-2017-14032ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional ...
CVE-2015-8036Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x ...
CVE-2015-5291Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed ...

Security announcements

DSA / DLADescription
DSA-4296-1mbedtls - security update
DSA-4138-1mbedtls - security update
DSA-3967-1mbedtls - security update

Search for package or bug name: Reporting problems