yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 10:55:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update reference to attack in ChangeLog

Browse Source 
We couldn't do that before the attack was public
This commit is contained in:
Manuel Pégourié-Gonnard 2016-01-07 13:18:01 +01:00
parent bfafadb45d
commit f92c86e44d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -6,7 +6,10 @@ Security
* Fix potential double free when mbedtls_asn1_store_named_data() fails to * Fix potential double free when mbedtls_asn1_store_named_data() fails to
allocate memory. Only used for certificate generation, not triggerable allocate memory. Only used for certificate generation, not triggerable
remotely in SSL/TLS. Found by Rafał Przywara. #367 remotely in SSL/TLS. Found by Rafał Przywara. #367
* Disable MD5 handshake signatures in TLS 1.2 by default * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
SLOTH attack on TLS 1.2 server authentication (other attacks from the
SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
https://www.mitls.org/pages/attacks/SLOTH
Bugfix Bugfix
* Fix over-restrictive length limit in GCM. Found by Andreas-N. #362 * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362