mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 16:35:41 +01:00
Tweak RSA vulnerability changelog entry
* Correct the list of authors. * Add the CVE number. * Improve the impact description.
This commit is contained in:
parent
11cdb0559e
commit
056f19c79f
@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||
Security
|
||||
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5
|
||||
decryption that could lead to a Bleichenbacher-style padding oracle
|
||||
attack. In TLS, this affects RSA-based ciphersuites without DHE or
|
||||
ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
|
||||
Daniel Genkin.
|
||||
attack. In TLS, this affects servers that accept ciphersuites based on
|
||||
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
||||
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
|
||||
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
|
||||
|
||||
= mbed TLS 2.13.1 branch released 2018-09-06
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user