From b65c2be5f174468a178b6d9456b20ca969d4a3d6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 10 Mar 2017 18:50:44 +0000 Subject: [PATCH] Updated version number to 2.4.2 for release --- ChangeLog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ed66ce98a..13de8672c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,13 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x branch released xxxx-xx-xx += mbed TLS 2.4.2 branch released 2017-03-08 Security + * Add checks to prevent signature forgeries for very large messages while + using RSA through the PK module in 64-bit systems. The issue was caused by + some data loss when casting a size_t to an unsigned int value in the + functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and + mbedtls_pk_sign(). Found by Jean-Philippe Aumasson. * Fixed potential livelock during the parsing of a CRL in PEM format in mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing characters after the footer could result in the execution of an infinite