TLS 1.3: ensure key for signature in CertificateVerify #3676

Merged
merged 1 commit into from
Feb 8, 2021

Contributor

@SparkiDev SparkiDev commented Jan 22, 2021

ZD 11540

@SparkiDev SparkiDev self-assigned this Jan 22, 2021
@dgarske dgarske assigned toddouska and unassigned SparkiDev Jan 26, 2021
Contributor

lechner commented Feb 5, 2021

Hi, Debian is gradually freezing modifications in preparation for a major release, while the CVE addressed here received a relatively high NVD assessment. I leave this comment merely to receive automatic updates, especially when the fix is merged.

Debian has a flexible process for security updates, in which wolfSSL is guaranteed the most favorable treatment, but it would be easier to cherry-pick the fix in the next month or so.

Please write if I am too cautious or if this commit is unsuitable for application against the stable 4.6.0 release. Thank you for providing your great products under open-source licenses!

@toddouska toddouska merged commit 58f9b6e into wolfSSL:master Feb 8, 2021
Contributor

lechner commented Feb 11, 2021

@dgarske Thanks for expediting. The fix was cherry-picked for Debian in 4.6.0-3 and is now available in unstable (in time for the upcoming bullseye) and in stable-backports.

Usually, my packages are picked up subsequently by several other Debian-based distributions with rolling releases.

Alas, the Repology tracker does not show downstream revisions, i.e. the -3. For a better overview there, we would require a maintenance release 4.6.1, but I am not sure that is needed.

4 participants