Update reference to attack in ChangeLog

We couldn't do that before the attack was public
Manuel Pégourié-Gonnard 2016-01-07 13:18:01 +01:00
parent 84181adae8
commit a3a1cd33d1

@ -6,7 +6,10 @@ Security
* Fix potential double free when mbedtls_asn1_store_named_data() fails to
allocate memory. Only used for certificate generation, not triggerable
remotely in SSL/TLS. Found by Rafał Przywara. #367
* Disable MD5 handshake signatures in TLS 1.2 by default
* Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
SLOTH attack on TLS 1.2 server authentication (other attacks from the
SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
https://www.mitls.org/pages/attacks/SLOTH
Bugfix
* Fix over-restricive length limit in GCM. Found by Andreas-N. #362
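
Review bot: the expanded MD5 entry says the signatures are disabled "by default" but never names the setting that controls that default, so someone auditing a build from the ChangeLog cannot tell what to look for to confirm MD5 handshake signatures have not been turned back on. Consider naming that option in the entry. The parenthetical "other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL" is a broad claim with nothing to back it up. A short reason, or a pointer to the advisory that carries the analysis, would let readers verify it. Style: the URL is on its own line after the sentence's closing period and could be introduced with "See" to make clear it is the reference for this entry. The unchanged context line below still reads "over-restricive", which could be corrected to "over-restrictive" in the same pass.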