TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e557764cf3ab530d7ab93ea9dd4db94edf535f95^! / .
commite557764cf3ab530d7ab93ea9dd4db94edf535f95[log] [tgz]
authorDave Rodgman <dave.rodgman@arm.com>Mon Jan 22 16:46:41 2024 +0000
committerDave Rodgman <dave.rodgman@arm.com>Mon Jan 22 16:46:41 2024 +0000
tree62962a2867f7072d70a484c5a3bf7d5be0bcabd6
parent634748da23df4f47409a3ab4eb41c43b0d6b35b0 [diff]
Assemble changelog

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

diff --git a/ChangeLog b/ChangeLog
index a856275..5434e55 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,20 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS 2.28.7 branch released 2024-01-26
+
+Security
+   * Fix a timing side channel in private key RSA operations. This side channel
+     could be sufficient for an attacker to recover the plaintext. A local
+     attacker or a remote attacker who is close to the victim on the network
+     might have precise enough timing measurements to exploit this. It requires
+     the attacker to send a large number of messages for decryption. For
+     details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
+     by Hubert Kario, Red Hat.
+   * Fix a failure to validate input when writing x509 extensions lengths which
+     could result in an integer overflow, causing a zero-length buffer to be
+     allocated to hold the extension. The extension would then be copied into
+     the buffer, causing a heap buffer overflow.
+
 = Mbed TLS 2.28.6 branch released 2023-11-06
 
 Changes

diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt
deleted file mode 100644
index 763533c..0000000
--- a/ChangeLog.d/fix-Marvin-attack.txt
+++ /dev/null

@@ -1,8 +0,0 @@
-Security
-   * Fix a timing side channel in private key RSA operations. This side channel
-     could be sufficient for an attacker to recover the plaintext. A local
-     attacker or a remote attacker who is close to the victim on the network
-     might have precise enough timing measurements to exploit this. It requires
-     the attacker to send a large number of messages for decryption. For
-     details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
-     by Hubert Kario, Red Hat.

diff --git a/ChangeLog.d/fix_int_overflow_x509_extension b/ChangeLog.d/fix_int_overflow_x509_extension
deleted file mode 100644
index 2a67928..0000000
--- a/ChangeLog.d/fix_int_overflow_x509_extension
+++ /dev/null

@@ -1,8 +0,0 @@
-Security
-   * Fix a failure to validate input when writing x509 extensions lengths which
-     could result in an integer overflow, causing a zero-length buffer to be
-     allocated to hold the extension. The extension would then be copied into
-     the buffer, causing a heap buffer overflow.
-
-
-