Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#69128 - [mbedtls] [Security] private key recovery (CVE-2020-16150)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Sunday, 27 December 2020, 12:42 GMT
Last edited by Jonas Witschel (diabonas) - Tuesday, 05 January 2021, 11:04 GMT
Summary
=======
The package mbedtls is vulnerable to private key recovery via CVE-2020-16150.

Guidance
========
Upgrading to the latest version 2.25.0 or at least to 2.16.8 fixes the issue.

References
==========
https://security.archlinux.org/AVG-1386
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
Closed by Jonas Witschel (diabonas)
Tuesday, 05 January 2021, 11:04 GMT
Reason for closing: Fixed
Additional comments about closing: mbedtls 2.25.0-1