Candidate: CVE-2015-1182
PublicDate: 2015-01-27 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1182
 https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
Description:
 The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0
 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a
 pointer in the asn1_sequence linked list, which allows remote attackers to
 cause a denial of service (crash) or possibly execute arbitrary code via a
 crafted ASN.1 sequence in a certificate.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775776
Priority: high
Discovered-by:
Assigned-to:
CVSS:

Patches_polarssl:
 upstream: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
upstream_polarssl: released (1.3.9-2.1)
lucid_polarssl: ignored (reached end-of-life)
precise_polarssl: ignored (reached end-of-life)
precise/esm_polarssl: DNE (precise was needed)
trusty_polarssl: ignored (reached end-of-life)
trusty/esm_polarssl: DNE (trusty was needed)
utopic_polarssl: ignored (reached end-of-life)
vivid_polarssl: ignored (reached end-of-life)
vivid/stable-phone-overlay_polarssl: DNE
vivid/ubuntu-core_polarssl: DNE
wily_polarssl: not-affected (1.3.9-2.1)
xenial_polarssl: DNE
yakkety_polarssl: DNE
zesty_polarssl: DNE
artful_polarssl: DNE
bionic_polarssl: DNE
cosmic_polarssl: DNE
disco_polarssl: DNE
devel_polarssl: DNE

Patches_mbedtls:
upstream_mbedtls: released (1.3.9-2.1)
precise_mbedtls: DNE
precise/esm_mbedtls: DNE
trusty_mbedtls: DNE
trusty/esm_mbedtls: DNE
vivid/stable-phone-overlay_mbedtls: DNE
vivid/ubuntu-core_mbedtls: DNE
wily_mbedtls: DNE
xenial_mbedtls: not-affected (1.3.9-2.1)
yakkety_mbedtls: not-affected (1.3.9-2.1)
zesty_mbedtls: not-affected (1.3.9-2.1)
artful_mbedtls: not-affected (1.3.9-2.1)
bionic_mbedtls: not-affected (1.3.9-2.1)
cosmic_mbedtls: not-affected (1.3.9-2.1)
disco_mbedtls: not-affected (1.3.9-2.1)
devel_mbedtls: not-affected (1.3.9-2.1)