author | Hauke Mehrtens <hauke@hauke-m.de> | 2022-12-29 21:26:28 +0100 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-12-31 14:45:23 +0100 |
commit | 158a33591d5d4baeb5b09f7c2eec9b5a0b8db609 (patch) | |
tree | 0912d6d6f72b74208c55a09d5f661511f2d11e51 /package/libs/mbedtls/Makefile | |
parent | b23cab2fcfe893f860018013feb591395c5c32b0 (diff) | |

mbedtls: update to version 2.28.2

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
  DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
  MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
* CVE-2022-46392: An adversary with access to precise enough information
  about memory accesses (typically, an untrusted operating system
  attacking a secure enclave) could recover an RSA private key after
  observing the victim performing a single private-key operation if the
  window size used for the exponentiation was 3 or smaller.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e177019b18055c263099a42c1c6c3453)

Diffstat (limited to 'package/libs/mbedtls/Makefile')
-rw-r--r-- | package/libs/mbedtls/Makefile | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 3ee4855cfa..ee1a58c7b2 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.28.1 -PKG_RELEASE:=$(AUTORELEASE) +PKG_VERSION:=2.28.2 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4 +PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0 PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt |
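
Review bot: the PKG_RELEASE line changes from `$(AUTORELEASE)` to a hard-coded `1`, and the commit message, which only covers the version bump and the two CVE fixes, does not say why. Please add a sentence explaining the switch, or move it to a separate commit, so the security update is not coupled to an undocumented release-numbering change. A second, smaller point on the unchanged PKG_SOURCE_URL context line: it still fetches from `ARMmbed/mbedtls`, while the changelog link in the message is under `Mbed-TLS/mbedtls`. The new PKG_HASH pins the tarball contents either way, but aligning the URL with the organisation named in the changelog would make it easier to audit where the source comes from.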