http://bugzilla.opensuse.org/show_bug.cgi?id=903672 Bug ID: 903672 Summary: polarssl 1.3.8 used in a server picks weaker signature algorithm than available Classification: openSUSE Product: openSUSE Distribution Version: 13.2 RC 1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: fisiu@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- "On the security front this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available. In addition two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release. No new features are introduced in this release. A number of changes in behaviour and bug fixes are included." https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released -- You are receiving this mail because: You are on the CC list for the bug.