Merge branch 'mbedtls-2.16-restricted' into prepare-rc-2.16.6-updated

* mbedtls-2.16-restricted:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
Manuel Pégourié-Gonnard 2020-04-09 12:27:20 +02:00
commit dab3fd64ab
2 changed files with 16 additions and 2 deletions

@ -8,6 +8,8 @@ Security
untrusted operating system attacking a secure enclave) to fully recover
an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
* Fix a potentially remotely exploitable buffer overread in a
DTLS client when parsing the Hello Verify Request message.
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
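Review bot: The new Security entry ("Fix a potentially remotely exploitable buffer overread in a DTLS client when parsing the Hello Verify Request message.") does not say what the overread can lead to or who found it, unlike the ECDSA entry directly above it, which names the reporters and carries CVE-2020-10932. The merge message lists two separate fixes, one for an overread at the start of the message and one on the cookie, so the entry should make clear that both are covered. Suggest adding the consequence for the client (whichever applies: a crash, disclosure of adjacent memory) and an attribution or "found internally" remark, so that users reading the ChangeLog can judge how urgently to upgrade DTLS clients.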