[Buildroot] [PATCH 1/1] package/mbedtls: security bump to version 2.16.8
Peter Korsgaard
peter at korsgaard.com
Sat Sep 5 07:43:08 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix a "Local side channel attack on classical CBC decryption in (D)TLS"
> a.k.a. CVE-2020-16150:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
> as well as a "Local side channel attack on RSA and static
> Diffie-Hellman" (no CVE):
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
> Also change MBEDTLS_SITE and retrieve hash provided by upstream
> https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list