yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-20 21:51:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tweak RSA vulnerability changelog entry

Browse source 
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
This commit is contained in:
Gilles Peskine 2018-11-29 12:45:01 +01:00
parent f1a8eeb0a6
commit cc47d6c595
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ChangeLog
View file

@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5
decryption that could lead to a Bleichenbacher-style padding oracle
attack. In TLS, this affects RSA-based ciphersuites without DHE or
ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
Daniel Genkin.
attack. In TLS, this affects servers that accept ciphersuites based on
RSA decryption (i.e. ciphersuites whose name contains RSA but not
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
Bugfix
* Fix failure in hmac_drbg in the benchmark sample application, when