Merge pull request #9089 from ronald-cron-arm/add-cve-2024-30166-ref-3.6

[Backport 3.6] ChangeLog: Add missing reference to CVE in security entry
This commit is contained in:
Gilles Peskine 2024-05-02 19:47:36 +00:00 committed by GitHub
commit 82cd3d1014
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -144,6 +144,7 @@ Security
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service.
Fixes CVE-2024-30166.
* Passing buffers that are stored in untrusted memory as arguments
to PSA functions is now secure by default.
The PSA core now protects against modification of inputs or exposure