Added CVE code to ChangeLog

Simon Butcher 2015-10-05 17:34:19 +01:00
parent ac4461f783
commit 8b846b8804


@ -3,9 +3,9 @@ PolarSSL ChangeLog
= Version 1.2.17 released 2015-10-xx = Version 1.2.17 released 2015-10-xx
Security Security
* Fix possible heap buffer overflow in SSL if a very long hostname is used. * Fix for CVE-2015-5291. Possible heap buffer overflow in SSL if a very long
Can be trigerred remotely if you accept hostnames from untrusted parties. hostname is used. Can be trigerred remotely if you accept hostnames from
Found by Guido Vranken, Intelworks. untrusted parties. Found by Guido Vranken, Intelworks.
* Fix stack buffer overflow in pkcs12 decryption (used by * Fix stack buffer overflow in pkcs12 decryption (used by
mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by
Guido Vranken, Intelworks. Not triggerable remotely. Guido Vranken, Intelworks. Not triggerable remotely.
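Review bot: The reworded first Security entry still carries the misspelling "trigerred" on its second line, and it now opens with the fragment "Fix for CVE-2015-5291." followed by a sentence with no verb. Since these lines are being rewrapped anyway, consider "Fix possible heap buffer overflow in SSL if a very long hostname is used (CVE-2015-5291). Can be triggered remotely if you accept hostnames from untrusted parties." That keeps the entry parallel with the other "Fix ..." bullets and leaves the CVE identifier easy to grep for. In the unchanged pkcs12 entry just below, the parenthesis opened at "(used by" is never closed, and the mbedtls_ function name sits under a "PolarSSL ChangeLog" header, so it is worth confirming that the name matches this branch while the section is being touched.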