package/wolfssl: security bump to version 4.7.0 (238b5df7) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 238b5df7 authored Mar 06, 2021 by Fabrice Fontaine Committed by Peter Korsgaard Mar 06, 2021

package/wolfssl: security bump to version 4.7.0

Fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL before
4.7.0 does not cease processing for certain anomalous peer behavior
(sending an ED22519, ED448, ECC, or RSA signature without the
corresponding certificate). The client side is affected because
man-in-the-middle attackers can impersonate TLS 1.3 servers.

https://github.com/wolfSSL/wolfssl/releases/tag/v4.7.0-stable



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 308f4428

Hide whitespace changes

Inline Side-by-side

Please register or to comment