[Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.5

Peter Korsgaard peter at korsgaard.com
Sat Mar 14 14:36:51 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 >  - Fix potential memory overread when performing an ECDSA signature
 >    operation. The overread only happens with cryptographically low
 >    probability (of the order of 2^-n where n is the bitsize of the
 >    curve) unless the RNG is broken, and could result in information
 >    disclosure or denial of service (application crash or extra resource
 >    consumption).
 >  - To avoid a side channel vulnerability when parsing an RSA private
 >    key, read all the CRT parameters from the DER structure rather than
 >    reconstructing them.
 >  - Update indentation of hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2019.11.x, thanks.

For 2019.02.x I will instead bump to 2.7.14.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list