[Buildroot] [PATCH] package/libressl: security bump to 3.2.5
Peter Korsgaard
peter at korsgaard.com
Sun Mar 28 18:52:15 UTC 2021
>>>>> "Ismael" == Ismael Luceno <ismael at iodev.co.uk> writes:
> On 26/Mar/2021 23:47, Peter Korsgaard wrote:
>> >>>>> "Ismael" == Ismael Luceno <ismael at iodev.co.uk> writes:
>>
>> > It includes the following bug fix:
>> > * A TLS client using session resumption may cause a use-after-free.
>>
>> > https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.5-relnotes.txt
>>
>> > Signed-off-by: Ismael Luceno <ismael at iodev.co.uk>
>>
>> Committed to 2020.11.x and 2021.02.x, thanks.
>>
>> It it not really clear to me if this is only an issue in 3.2.x /
>> TLSv1.3?
> AFAICT, it's covered; 3.1 branch is unaffected, the field causing the issue
> was introduced in the 3.2 branch. BTW, 3.3.1 also seems to be affected.
Ok, thanks!
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list