mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add CVE IDs to Changelog

Browse Source 
Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2024-03-14 09:38:03 +00:00
parent 5aef299006
commit 9edd7fd002
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog.d/tls-max-version-reset.txt
View File

@ -4,3 +4,4 @@ Security
An attacker was able to prevent an Mbed TLS server from establishing any An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
Fixes CVE-2024-28755.

1
ChangeLog.d/tls13-only-server.txt
View File

@ -8,3 +8,4 @@ Security
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server. was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub. Reported by alluettiv on GitHub.
Fixes CVE-2024-28836.