Re: [OpenWrt-Devel] [PATCH] mbedtls: update to 2.16.4

Magnus Kroken Sat, 25 Jan 2020 10:00:29 -0800

On 25.01.2020 18:33, Magnus Kroken wrote:

Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.


Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

Signed-off-by: Magnus Kroken <mkro...@gmail.com>
---

Please note: upstream did not update include/mbedtls/version.h in2.16.3. .so filenames as well as software relying on e.g.MBEDTLS_VERSION_NUMBER will report 2.16.3 as the version. This has beenreported upstream[1].

I have not modified version.h in this patch, as upstream has not yetcommitted any updates or confirmed a fixed release.


1: https://github.com/ARMmbed/mbedtls/issues/3004

Regards,
Magnus Kroken

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] mbedtls: update to 2.16.4

Reply via email to