Tweak RSA vulnerability changelog entry

* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
This commit is contained in:
Gilles Peskine 2018-11-29 12:45:01 +01:00
parent 11cdb0559e
commit 056f19c79f

View file

@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security Security
* Fix timing variations and memory access variations in RSA PKCS#1 v1.5 * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
decryption that could lead to a Bleichenbacher-style padding oracle decryption that could lead to a Bleichenbacher-style padding oracle
attack. In TLS, this affects RSA-based ciphersuites without DHE or attack. In TLS, this affects servers that accept ciphersuites based on
ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and RSA decryption (i.e. ciphersuites whose name contains RSA but not
Daniel Genkin. (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
= mbed TLS 2.13.1 branch released 2018-09-06 = mbed TLS 2.13.1 branch released 2018-09-06