Candidate: CVE-2015-8036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before
1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of
service (client crash) and possibly execute arbitrary code via a long
session ticket name to the session ticket extension, which is not properly
handled when creating a ClientHello message to resume a session. NOTE:
this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different
affected version ranges.
Discovered-by: Guido Vranken
upstream_polarssl: released (1.3.14)
precise_polarssl: ignored (reached end-of-life)
precise/esm_polarssl: DNE (precise was needs-triage)
trusty_polarssl: needed
vivid_polarssl: ignored (reached end-of-life)
vivid/stable-phone-overlay_polarssl: DNE
vivid/ubuntu-core_polarssl: DNE
wily_polarssl: released (1.3.9-2.1+deb8u1)
upstream_mbedtls: released (2.1.2-1)
precise/esm_mbedtls: DNE
vivid/stable-phone-overlay_mbedtls: DNE
vivid/ubuntu-core_mbedtls: DNE
xenial_mbedtls: not-affected (2.2.1-2)
yakkety_mbedtls: not-affected (2.2.1-2)
zesty_mbedtls: not-affected (2.2.1-2)
artful_mbedtls: not-affected (2.2.1-2)
bionic_mbedtls: not-affected (2.2.1-2)
devel_mbedtls: not-affected (2.2.1-2)