[Buildroot] [PATCH] mbedtls: security bump to version 2.7.5
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Fri Aug 24 21:12:36 UTC 2018
Hello,
On Fri, 24 Aug 2018 18:27:15 +0200, Peter Korsgaard wrote:
> Fixes the following security issues:
>
> - CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites
> through a timing side-channel
>
> - CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through
> a cache based side-channel
>
> For more info, see the advisory:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/mbedtls/mbedtls.hash | 6 +++---
> package/mbedtls/mbedtls.mk | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list