Merge pull request from yanesca/add-cve-ids-to-changelog

Add CVE IDs to Changelog
Janos Follath 2024-03-14 11:41:30 +00:00 committed by GitHub
commit 8564f78c89
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 0 deletions

@ -4,3 +4,4 @@ Security
An attacker was able to prevent an Mbed TLS server from establishing any An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
Fixes CVE-2024-28755.
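
Review bot: the added line "Fixes CVE-2024-28755." gives this Security entry two consecutive "Fixes" sentences, since it directly follows "Fixes #8654 reported by hey3e.". Consider folding the CVE ID into the existing sentence, for example "Fixes #8654 (CVE-2024-28755), reported by hey3e.". That keeps the issue number, the CVE and the reporter together for anyone searching the ChangeLog by CVE ID.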

@ -8,3 +8,4 @@ Security
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server. was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub. Reported by alluettiv on GitHub.
Fixes CVE-2024-28836.
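
Review bot: the added "Fixes CVE-2024-28836." is the only reference in this entry, which credits the reporter with "Reported by alluettiv on GitHub." but names no issue number, unlike the other entry touched by this commit, which cites #8654. If a public issue or advisory exists for this report, cite it next to the CVE ID so the two Security entries follow the same pattern and a reader can get from the CVE to the original report.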