In TLS 1.2, only servers are affected

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
author: Gilles Peskine <Gilles.Peskine@arm.com> 2023-10-02 15:36:58 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> 2023-10-02 15:38:51 +0200
commit: 6dd5b9a60c2d6f483c30f9b010f663dd63394451 (patch)
tree: e497fbe6d8debd7f4ede610d241bb846e05c2d6b
parent: b782415e1bd6df03543223e1c653641d9dcd946a (diff)
download: mbedtls-6dd5b9a60c2d6f483c30f9b010f663dd63394451.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/ChangeLog.d/xxx_psa_peerkey.txt b/ChangeLog.d/xxx_psa_peerkey.txt
index 1ba151000..d25e4ecbf 100644
--- a/ChangeLog.d/xxx_psa_peerkey.txt
+++ b/ChangeLog.d/xxx_psa_peerkey.txt
@@ -1,6 +1,8 @@
 Security
    * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
-     In TLS 1.3, all configurations are affected except PSK-only ones.
+     In TLS 1.3, all configurations are affected except PSK-only ones, and
+     both clients and servers are affected.
      In TLS 1.2, the affected configurations are those with
-     MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled.
+     MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled,
+     and only servers are affected, not clients.
      Credit to OSS-Fuzz.
author	Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:36:58 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:38:51 +0200
commit	6dd5b9a60c2d6f483c30f9b010f663dd63394451 (patch)
tree	e497fbe6d8debd7f4ede610d241bb846e05c2d6b
parent	b782415e1bd6df03543223e1c653641d9dcd946a (diff)
download	mbedtls-6dd5b9a60c2d6f483c30f9b010f663dd63394451.tar.gz