[Buildroot] [PATCH] mbedtls: security bump to version 2.7.5

Thomas Petazzoni thomas.petazzoni at bootlin.com
Fri Aug 24 21:12:36 UTC 2018


Hello,

On Fri, 24 Aug 2018 18:27:15 +0200, Peter Korsgaard wrote:
> Fixes the following security issues:
> 
> - CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites
>   through a timing side-channel
> 
> - CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through
>   a cache based side-channel
> 
> For more info, see the advisory:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
> 
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
>  package/mbedtls/mbedtls.hash | 6 +++---
>  package/mbedtls/mbedtls.mk   | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com



More information about the buildroot mailing list