Tweak RSA vulnerability changelog entry

* Correct the list of authors. * Add the CVE number. * Improve the impact description.
2018-11-29 12:45:01 +01:00 · 2018-11-29 12:45:01 +01:00 · 056f19c79f
commit 056f19c79f
parent 11cdb0559e
1 changed files with 4 additions and 3 deletions
--- a/7
+++ b/7
@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Security
   * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
     decryption that could lead to a Bleichenbacher-style padding oracle
-     attack. In TLS, this affects RSA-based ciphersuites without DHE or
-     ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
-     Daniel Genkin.
+     attack. In TLS, this affects servers that accept ciphersuites based on
+     RSA decryption (i.e. ciphersuites whose name contains RSA but not
+     (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
+     Shamir, David Wong and Yuval Yarom. CVE-2018-19608

 = mbed TLS 2.13.1 branch released 2018-09-06