Added CVE code to ChangeLog

Simon Butcher 2015-10-05 17:34:19 +01:00
parent ac4461f783
commit 8b846b8804

@ -3,9 +3,9 @@ PolarSSL ChangeLog
= Version 1.2.17 released 2015-10-xx
Security
* Fix possible heap buffer overflow in SSL if a very long hostname is used.
Can be trigerred remotely if you accept hostnames from untrusted parties.
Found by Guido Vranken, Intelworks.
* Fix for CVE-2015-5291. Possible heap buffer overflow in SSL if a very long
hostname is used. Can be trigerred remotely if you accept hostnames from
untrusted parties. Found by Guido Vranken, Intelworks.
* Fix stack buffer overflow in pkcs12 decryption (used by
mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by
Guido Vranken, Intelworks. Not triggerable remotely.
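Review bot: The entry that now names CVE-2015-5291 still carries the misspelling "trigerred" ("Can be trigerred remotely"); since these lines are being reflowed anyway, correct it to "triggered" in the same commit. The entry also now opens with "Fix for CVE-2015-5291." while the neighbouring pkcs12 entry opens with the description ("Fix stack buffer overflow in ..."); keeping the description first and appending the identifier, e.g. "Fix possible heap buffer overflow in SSL if a very long hostname is used (CVE-2015-5291).", would keep the Security list uniform and the identifier still searchable. Separately, the unchanged pkcs12 entry has an unbalanced parenthesis in "(used by mbedtls_pk_parse_key(file)() when the password is > 129 bytes", which is worth a follow-up fix.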