mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-07-02 05:58:31 +00:00
Adapt ChangeLog
This commit is contained in:
Hanno Becker
parent
251bab5ceb
commit
4d48bb6ca3
|
|
@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
= mbed TLS 1.3.22 branch released 2017-xx-xx
|
||||
|
||||
Security
|
||||
* Fix heap corruption in implementation of truncated HMAC extension.
|
||||
When the truncated HMAC extension is enabled and CBC is used,
|
||||
sending a malicious application packet can be used to selectively
|
||||
corrupt 6 bytes on the peer's heap, potentially leading to crash or
|
||||
remote code execution. This can be triggered remotely from either
|
||||
side.
|
||||
|
||||
Bugfix
|
||||
* Fix memory leak in ssl_set_hostname() when called multiple times.
|
||||
Found by projectgus and jethrogb, #836.
|
||||
|
|
|
|||
Loading…
Reference in a new issue