Subject: Re: Buffer overflow with mbedTLS

Re: Buffer overflow with mbedTLS

From: Daniel Stenberg <>
Date: Tue, 25 Oct 2016 23:47:53 +0200 (CEST)

On Tue, 25 Oct 2016, Daniel Stenberg wrote:

> I'm forwarding this just to make sure you all are aware - this is not what I
> normally do with bugs. The mbedTLS crypto backend is obviously brand new so
> this flaw shouldn't hurt anyone's use of libssh2 in production but should
> perhaps make you pause if you had plans to.

Hm, okay I trigged really fast due to the possible importance but the bug was
closed again... Sorry for being alarmist. But let's keep our eyes open and I
think it is reasonable to be careful with a brand new backend like this.

Received on 2016-10-25