adjust ChangeLog text

JacobBarthelmeh
2024-03-21 00:18:44 +07:00
parent e5914effab
commit e80deece82
3 changed files with 9 additions and 9 deletions

@@ -12,7 +12,7 @@ NOTE: This release switches the default ASN.1 parser to the new ASN template cod
## Vulnerabilities
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when connecting to a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
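Review bot: The CVE-2024-1545 entry left as context at the end of this hunk still ends with a stray `"` after "(Peking University, The University of Western Australia)." and reads "a victims process" without the apostrophe. Since this commit is a wording pass over the same section, fix both here: drop the trailing quote and write "a victim's process".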
@@ -25,7 +25,7 @@ Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
## New Feature Additions
* Added --enable-experimental configure flag to gate out features that are considered to be experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
### POST QUANTUM SUPPORT ADDITIONS
* Experimental framework for using wolfSSLs XMSS implementation (PR 7161)
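Review bot: In the reworded --enable-experimental entry, "gate out features" still does not say whether the flag turns the features on or off; only the second sentence ("... require the --enable-experimental flag") makes that clear. Suggest wording along the lines of "Added --enable-experimental configure flag, which must be given to build features that are currently experimental."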

README

@@ -84,7 +84,7 @@ NOTE: This release switches the default ASN.1 parser to the new ASN template cod
## Vulnerabilities
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when connecting to a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
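Review bot: The reworded CVE-2024-0901 entry recommends "to update the version of wolfSSL used" but does not name the release that carries the fix; the reader only gets the pull request link. Consider naming the fixed release in that line so a TLS 1.3 server operator can act on the entry without opening the PR.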
@@ -97,7 +97,7 @@ Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
## New Feature Additions
* Added --enable-experimental configure flag to gate out features that are considered to be experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
### POST QUANTUM SUPPORT ADDITIONS
* Experimental framework for using wolfSSLs XMSS implementation (PR 7161)
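Review bot: The context heading "### POST QUANTUM SUPPORT ADDITIONS" is all caps while its parent "## New Feature Additions" is title case, and the entry under it writes "wolfSSLs XMSS implementation" without the apostrophe. Both are worth normalizing in this text pass, for example "### Post Quantum Support Additions" and "wolfSSL's".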

@@ -88,7 +88,7 @@ NOTE: In future releases, --enable-des3 (which is disabled by default) will be i
NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
## Vulnerabilities
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when connecting to a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
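Review bot: Pull requests are referenced in two different ways inside this hunk: the ASN.1 note at the top says "See PR #7199" while the CVE-2024-0901 entry gives the full URL https://github.com/wolfSSL/wolfssl/pull/7099. Pick one form for the release notes, preferably the full URL so the reference still resolves when the file is read outside GitHub.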
@@ -101,7 +101,7 @@ Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
## New Feature Additions
* Added --enable-experimental configure flag to gate out features that are considered to be experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
### POST QUANTUM SUPPORT ADDITIONS
* Experimental framework for using wolfSSLs XMSS implementation (PR 7161)
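Review bot: The reworded --enable-experimental line here is the third hand-edited copy of the same sentence in this commit, identical to the two earlier files. Keeping the release notes in three files by hand invites drift, as the need for this follow-up commit shows; consider keeping one file as the source and copying or generating the release section of the other two from it, or adding a check that the three sections match.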