Tweak RSA vulnerability changelog entry

* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
This commit is contained in:
Gilles Peskine 2018-11-29 12:45:01 +01:00
parent 11cdb0559e
commit 056f19c79f

View file

@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5
decryption that could lead to a Bleichenbacher-style padding oracle
attack. In TLS, this affects RSA-based ciphersuites without DHE or
ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
Daniel Genkin.
attack. In TLS, this affects servers that accept ciphersuites based on
RSA decryption (i.e. ciphersuites whose name contains RSA but not
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
= mbed TLS 2.13.1 branch released 2018-09-06