babc94e9dd
The release announcement mentions these security fixes:

* Defend against Bellcore glitch attacks by verifying the results of RSA private key operations.
* Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session).
* Reject CRLs containing unsupported critical extensions.
* Fix a buffer overread in ssl_parse_server_key_exchange() that could cause a crash on invalid input. (CVE-2018-9988)
* Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a crash on invalid input. (CVE-2018-9989)

Drop upstream patch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

- Config.in
- mbedtls.hash
- mbedtls.mk