On Tue, Sep 08, 2020 at 09:35:24PM +0200, Bjorn Ketelaars wrote: > On Wed 02/09/2020 17:41, Bjorn Ketelaars wrote: > > Diff below updates mbedtls to 2.16.8, which is a security update and > > addresses: > > - Local side channel attack on RSA and static Diffie-Hellman > > - Local side channel attack on classical CBC decryption in (D)TLS > > > > Other changes are listed at > > https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.16.8/ChangeLog > > > > Minor of libmbedtls has been bumped because of the addition of a symbol. > > > > 'make test' runs successfully. Run tested in combination with openvpn. > > > > I think it makes sense to backport this update to 6.8. > > > > Comments/OK > > > Ping! >
Built & successfully ran regress on amd64 and sparc64. Looked at the diff to 2.16.7 and can confirm that it's a minor bump. ok tb Backporting seems to make sense but I'm not familiar with the process.
