[Buildroot] [PATCH] package/libressl: security bump to 3.2.5
Ismael Luceno
ismael at iodev.co.uk
Sat Mar 27 22:23:16 UTC 2021
On 26/Mar/2021 23:47, Peter Korsgaard wrote:
> >>>>> "Ismael" == Ismael Luceno <ismael at iodev.co.uk> writes:
>
> > It includes the following bug fix:
> > * A TLS client using session resumption may cause a use-after-free.
>
> > https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.5-relnotes.txt
>
> > Signed-off-by: Ismael Luceno <ismael at iodev.co.uk>
>
> Committed to 2020.11.x and 2021.02.x, thanks.
>
> It it not really clear to me if this is only an issue in 3.2.x /
> TLSv1.3?
AFAICT, it's covered; 3.1 branch is unaffected, the field causing the issue
was introduced in the 3.2 branch. BTW, 3.3.1 also seems to be affected.
More information about the buildroot
mailing list