[OpenWrt-Devel] [PATCH] mbedtls: update to 2.16.4
Magnus Kroken
mkroken at gmail.com
Sat Jan 25 12:59:24 EST 2020
On 25.01.2020 18:33, Magnus Kroken wrote:
> Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.
>
> Release announcement:
> https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
>
> Security advisory:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
>
> Signed-off-by: Magnus Kroken <mkroken at gmail.com>
> ---
Please note: upstream did not update include/mbedtls/version.h in
2.16.3. .so filenames as well as software relying on e.g.
MBEDTLS_VERSION_NUMBER will report 2.16.3 as the version. This has been
reported upstream[1].
I have not modified version.h in this patch, as upstream has not yet
committed any updates or confirmed a fixed release.
1: https://github.com/ARMmbed/mbedtls/issues/3004
Regards,
Magnus Kroken
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list