yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-20 21:41:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tweak RSA vulnerability changelog entry

Browse source 
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
This commit is contained in:
Gilles Peskine 2018-11-29 12:45:01 +01:00
parent f1a8eeb0a6
commit cc47d6c595
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ChangeLog
View file

@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security Security
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5 * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
decryption that could lead to a Bleichenbacher-style padding oracle decryption that could lead to a Bleichenbacher-style padding oracle
attack. In TLS, this affects RSA-based ciphersuites without DHE or attack. In TLS, this affects servers that accept ciphersuites based on
ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and RSA decryption (i.e. ciphersuites whose name contains RSA but not
Daniel Genkin. (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
Bugfix Bugfix
* Fix failure in hmac_drbg in the benchmark sample application, when * Fix failure in hmac_drbg in the benchmark sample application, when