[Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.8

Peter Korsgaard peter at korsgaard.com
Sat Sep 5 07:43:08 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix a "Local side channel attack on classical CBC decryption in (D)TLS"
 > a.k.a. CVE-2020-16150:
 > https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1

 > as well as a "Local side channel attack on RSA and static
 > Diffie-Hellman" (no CVE):
 > https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2

 > Also change MBEDTLS_SITE and retrieve hash provided by upstream

 > https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2020.02.x and 2020.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list