Commits
Baruch Siach committed d226954543a
mbedtls: security bump to version 2.7.0 CVE-2018-0487: Remote attackers can execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. CVE-2018-0488: When the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 3b7a59304a9c377b9aec1303d85a60d019b4b9b2) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>