Update reference to attack in ChangeLog

We couldn't do that before the attack was public
This commit is contained in:
Manuel Pégourié-Gonnard 2016-01-07 13:18:01 +01:00
parent 543e4366bc
commit ddf118961a

View file

@ -6,7 +6,10 @@ Security
* Fix potential double free when mbedtls_asn1_store_named_data() fails to * Fix potential double free when mbedtls_asn1_store_named_data() fails to
allocate memory. Only used for certificate generation, not triggerable allocate memory. Only used for certificate generation, not triggerable
remotely in SSL/TLS. Found by Rafał Przywara. #367 remotely in SSL/TLS. Found by Rafał Przywara. #367
* Disable MD5 handshake signatures in TLS 1.2 by default * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
SLOTH attack on TLS 1.2 server authentication (other attacks from the
SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
https://www.mitls.org/pages/attacks/SLOTH
Bugfix Bugfix
* Fix over-restrictive length limit in GCM. Found by Andreas-N. #362 * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362