[Buildroot] [git commit] package/mbedtls: security bump to version 2.28.1
Yann E. MORIN
yann.morin.1998 at free.fr
Sat Jul 16 15:37:06 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=dbc2d3a8275441581de567424dc4bdb7507251c1
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fix CVE-2022-35409: Buffer overread in DTLS ClientHello parsing.
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/advisories/mbedtls-security-advisory-2022-07.md
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
---
package/mbedtls/mbedtls.hash | 4 ++--
package/mbedtls/mbedtls.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/mbedtls/mbedtls.hash b/package/mbedtls/mbedtls.hash
index 80ae173aff..38182fe119 100644
--- a/package/mbedtls/mbedtls.hash
+++ b/package/mbedtls/mbedtls.hash
@@ -1,4 +1,4 @@
-# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0:
-sha256 6519579b836ed78cc549375c7c18b111df5717e86ca0eeff4cb64b2674f424cc mbedtls-2.28.0.tar.gz
+# From https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.1:
+sha256 6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4 mbedtls-2.28.1.tar.gz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk
index 8745ff33f4..af87d62b30 100644
--- a/package/mbedtls/mbedtls.mk
+++ b/package/mbedtls/mbedtls.mk
@@ -4,7 +4,7 @@
#
################################################################################
-MBEDTLS_VERSION = 2.28.0
+MBEDTLS_VERSION = 2.28.1
MBEDTLS_SITE = $(call github,ARMmbed,mbedtls,v$(MBEDTLS_VERSION))
MBEDTLS_CONF_OPTS = \
-DCMAKE_C_FLAGS="$(TARGET_CFLAGS) -std=c99" \
More information about the buildroot
mailing list