Tweak RSA vulnerability changelog entry
* Correct the list of authors. * Add the CVE number. * Improve the impact description.
This commit is contained in:
parent
11cdb0559e
commit
056f19c79f
1 changed files with 4 additions and 3 deletions
|
@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
Security
|
Security
|
||||||
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5
|
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5
|
||||||
decryption that could lead to a Bleichenbacher-style padding oracle
|
decryption that could lead to a Bleichenbacher-style padding oracle
|
||||||
attack. In TLS, this affects RSA-based ciphersuites without DHE or
|
attack. In TLS, this affects servers that accept ciphersuites based on
|
||||||
ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
|
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
||||||
Daniel Genkin.
|
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
|
||||||
|
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
|
||||||
|
|
||||||
= mbed TLS 2.13.1 branch released 2018-09-06
|
= mbed TLS 2.13.1 branch released 2018-09-06
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue