Subject: Re: Buffer overflow with mbedTLS

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 25 Oct 2016 23:47:53 +0200 (CEST)

On Tue, 25 Oct 2016, Daniel Stenberg wrote:

> I'm forwarding this just to make sure you all are aware - this is not what I
> normally do with bugs. The mbedTLS crypto backend is obviously brand new so
> this flaw shouldn't hurt anyone's use of libssh2 in production but should
> perhaps make you pause if you had plans to.

Hm, okay I triggered really fast due to the possible importance but the bug was
closed again... Sorry for being alarmist. But let's keep our eyes open and I
think it is reasonable to be careful with a brand new backend like this.

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-10-25