mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-15 23:42:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1201 from yanesca/add-cve-ids-to-changelog

Browse Source 
Add CVE IDs to Changelog
This commit is contained in:
Janos Follath 2024-03-14 11:41:30 +00:00 committed by GitHub
commit 8564f78c89
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog.d/tls-max-version-reset.txt
View File

@ -4,3 +4,4 @@ Security
An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
Fixes CVE-2024-28755.

1
ChangeLog.d/tls13-only-server.txt
View File

@ -8,3 +8,4 @@ Security
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.
Fixes CVE-2024-28836.