Source: mbedtls
Version: 2.16.2-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for mbedtls. Not checked in detail, so please double check for mbedtls.

CVE-2019-16910[0]:
| Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when
| deterministic ECDSA is enabled, use an RNG with insufficient entropy
| for blinding, which might allow an attacker to recover a private key
| via side-channel attacks if a victim signs the same message many
| times. (For Mbed TLS, the fix is also available in versions 2.7.12 and
| 2.16.3.)

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16910
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910
[1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
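
A triage helper for the two conditions in the CVE text above (affected Mbed TLS version, deterministic ECDSA enabled), added here as an example and not part of the original report or of Mbed TLS. The function names and the sample config are constructed; the macro name `MBEDTLS_ECDSA_DETERMINISTIC` is the Mbed TLS compile-time option for deterministic ECDSA and does not appear in the report itself. Mbed Crypto is not covered.

```python
import re

# Fixed releases as stated in the CVE text quoted above (Mbed TLS only).
FIXED_IN_BRANCH = {(2, 7): (2, 7, 12), (2, 16): (2, 16, 3)}
FIRST_FIXED_MAINLINE = (2, 19, 0)

# Constructed config.h excerpt, not taken from any real build.
SAMPLE_CONFIG = """
#define MBEDTLS_ECDSA_C
/* #define MBEDTLS_ECP_RESTARTABLE */
#define MBEDTLS_ECDSA_DETERMINISTIC
"""

def upstream_version(version):
    """Drop a Debian epoch and revision: '2.16.2-1' -> (2, 16, 2)."""
    core = version.split(":", 1)[-1].split("-", 1)[0]
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", core)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part) for part in m.groups())

def version_affected(version):
    """Compare against the fix for that release branch, else 2.19.0."""
    v = upstream_version(version)
    return v < FIXED_IN_BRANCH.get(v[:2], FIRST_FIXED_MAINLINE)

def deterministic_ecdsa_enabled(config_h):
    """True if the macro is defined and not commented out."""
    text = re.sub(r"/\*.*?\*/", "", config_h, flags=re.S)  # drop block comments
    return any(
        re.match(r"\s*#\s*define\s+MBEDTLS_ECDSA_DETERMINISTIC\b", line)
        for line in text.splitlines()
    )

def exposed(version, config_h):
    """Both conditions from the CVE text: old version and the option on."""
    return version_affected(version) and deterministic_ecdsa_enabled(config_h)

if __name__ == "__main__":
    for ver in ("2.16.2-1", "2.16.3-1", "2.7.11", "2.18.1", "2.19.0"):
        print(ver, "exposed" if exposed(ver, SAMPLE_CONFIG) else "not exposed")
```

A distribution package can carry a backported fix without changing its upstream version number, so a positive result should be checked against the package changelog for the CVE id.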