Subject: Re: Buffer overflow with mbedTLS

Re: Buffer overflow with mbedTLS

From: Eduardo Silva <edsiper_at_gmail.com>
Date: Tue, 25 Oct 2016 17:10:38 -0600

what version of mbedTLS is that ?

On Tue, Oct 25, 2016 at 3:47 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Tue, 25 Oct 2016, Daniel Stenberg wrote:
>
>> I'm forwarding this just to make sure you all are aware - this is not what
>> I normally do with bugs. The mbedTLS crypto backend is obviously brand new
>> so this flaw shouldn't hurt anyone's use of libssh2 in production but should
>> perhaps make you pause if you had plans to.
>
>
> Hm, okay I trigged really fast due to the possible importance but the bug
> was closed again... Sorry for being alarmist. But let's keep our eyes open
> and I think it is reasonable to be careful with a brand new backend like
> this.
>
> --
>
> / daniel.haxx.se
> _______________________________________________
> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

-- 
Eduardo Silva
http://edsiper.linuxchile.cl
http://monkey-project.com
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Received on 2016-10-26

This message: [ Message body ]
Next message: Peter Stuge: "Re: configure.ac crypto library checks [was: 1.8.0]"
Previous message: Daniel Stenberg: "Re: Buffer overflow with mbedTLS"
In reply to: Daniel Stenberg: "Re: Buffer overflow with mbedTLS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]