yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-07-02 02:28:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adapt ChangeLog

Browse source
This commit is contained in:
Hanno Becker 2017-11-20 10:31:05 +00:00
parent 251bab5ceb
commit 4d48bb6ca3
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
ChangeLog
View file

@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 1.3.22 branch released 2017-xx-xx = mbed TLS 1.3.22 branch released 2017-xx-xx
Security
* Fix heap corruption in implementation of truncated HMAC extension.
When the truncated HMAC extension is enabled and CBC is used,
sending a malicious application packet can be used to selectively
corrupt 6 bytes on the peer's heap, potentially leading to crash or
remote code execution. This can be triggered remotely from either
side.
Bugfix Bugfix
* Fix memory leak in ssl_set_hostname() when called multiple times. * Fix memory leak in ssl_set_hostname() when called multiple times.
Found by projectgus and jethrogb, #836. Found by projectgus and jethrogb, #836.