OpenWrt v22.03.7 Changelog
This changelog lists all commits done in OpenWrt since the v22.03.6 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 22.03.7 release.
See also the release notes that provide a more accessible overview of the main changes in 22.03.7.
Build System / Buildroot (15 changes)
6121581
kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
c4df947
kernel: bump 5.10 to 5.10.208 (+23,-23)
948730e
build: add explicit --no-show-signature for git (+2,-2)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
a352312
kernel: bump 5.10 to 5.10.211 (+14,-73)
61c6bc2
kernel: bump 5.10 to 5.10.213 (+41,-92)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655
kernel: bump 5.10 to 5.10.217 (+17,-87)
13b9be3
kernel: bump 5.10 to 5.10.218 (+7,-7)
c54d411
kernel: bump 5.10 to 5.10.219 (+100,-147)
e72b58a
kernel: bump 5.10 to 5.10.220 (+8,-7)
eb9eaeb
kernel: bump 5.10 to 5.10.221 (+40,-40)
Build System / Host Utilities (4 changes)
4a6911f
tools/sed: fix compilation on macOS 14 (+21)
8d65f02
tools/cpio: fix compilation on macOS 14 (+21)
eede9b1
tools/coreutils: fix compilation on macOS 14 (+21)
5f07510
tools: b43-tools: fix compilation with GCC14 (+1,-1)
Build System / Toolchain (1 change)
caac7a6
toolchain: Update glibc 2.34 to recent HEAD (+2,-2)
Kernel (16 changes)
6121581
kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
c4df947
kernel: bump 5.10 to 5.10.208 (+23,-23)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
d7e5cab
kernel: Remove dsmark support (+1,-2)
a352312
kernel: bump 5.10 to 5.10.211 (+14,-73)
f60a5f2
kernel: Remove unused schedulers (-3)
61c6bc2
kernel: bump 5.10 to 5.10.213 (+41,-92)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655
kernel: bump 5.10 to 5.10.217 (+17,-87)
c54d411
kernel: bump 5.10 to 5.10.219 (+100,-147)
b418863
kernel: 5.15: add missing Kconfig symbols for NFS (+9,-2)
e72b58a
kernel: bump 5.10 to 5.10.220 (+8,-7)
eb9eaeb
kernel: bump 5.10 to 5.10.221 (+40,-40)
Packages / Common (16 changes)
05f7435
lua5.3: fix typo calling lua53 instead of lua5.3 for Package Default (+3,-3)
7f64f5b
mbedtls: security bump to version 2.28.7 (+2,-2)
987275f
hostapd: backport fix for CVE-2023-52160 (+197)
1f69203
cryptodev-linux: Support kernel 5.10.220 (+14)
b9aeaf7
ksmbd: Support kernel 5.10.220 (+25)
ea430dd
wolfssl: update to 5.6.6 (+3,-3)
86e290e
wolfssl: Update to 5.7.0 (+3,-3)
6ea1e21
mbedtls: Update to 2.28.8 (+2,-2)
bf3ea23
lua: fix CVE-2014-5461 (+48,-26)
38cea0b
dropbear: cherry-pick upstream patches (+337)
6681c02
hostapd: fix 11r defaults when using SAE (+1,-1)
7e31d2a
hostapd: fix 11r defaults when using WPA (+14,-14)
47c9173
ucode: add libjson-c/host dependency (+1)
466198c
ksmbd: update to latest 3.4.8 release (+3,-3)
d5ba3ca
ksmbd: Update to version 3.5.0 (+9,-3)
591b7e9
wolfssl: Update to version 5.7.2 (+5,-3)
Packages / Firmware (6 changes)
fef1a52
wireless-regdb: update to 2024.01.23 (+3,-3)
c0280da
wireless-regdb: update to 2024.05.08 (+2,-2)
a086650
firmware: intel-microcode: update to 20231114 (+2,-2)
b550f7b
firmware: intel-microcode: update to 20240312 (+2,-2)
bd91384
firmware: intel-microcode: update to 20240531 (+2,-2)
456fd63
wireless-regdb: Update to version 2024.07.04 (+2,-2)
Packages / OpenWrt system userland (2 changes)
78d9e4c
jsonfilter: update to Git HEAD (2024-01-23) (+3,-3)
⇒ 013b75a
jsonfilter: drop legacy json-c support (+2,-3)
⇒ 594cfa8
main: fix spurious premature parse aborts in array mode (+2,-4)
ebb3faf
procd: make mDNS TXT record parsing more solid (+9,-6)
Target / apm821xx (2 changes)
Target / at91 (6 changes)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655
kernel: bump 5.10 to 5.10.217 (+17,-87)
eb9eaeb
kernel: bump 5.10 to 5.10.221 (+40,-40)
Target / ath79 (7 changes)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
a08553b
ath79: read back reset register (+33)
294301c
ath79: ubnt,bullet-m-xw: set PHY max-speed to 100Mbps (+1)
c1a3174
ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic (+1,-2)
228cf39
ath79: add Ubiquiti Rocket M XW as alternate name to Bullet M XW (+3)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
eb9eaeb
kernel: bump 5.10 to 5.10.221 (+40,-40)
Target / bcm27xx (13 changes)
6121581
kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
c4df947
kernel: bump 5.10 to 5.10.208 (+23,-23)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
a352312
kernel: bump 5.10 to 5.10.211 (+14,-73)
61c6bc2
kernel: bump 5.10 to 5.10.213 (+41,-92)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655
kernel: bump 5.10 to 5.10.217 (+17,-87)
13b9be3
kernel: bump 5.10 to 5.10.218 (+7,-7)
c54d411
kernel: bump 5.10 to 5.10.219 (+100,-147)
eb9eaeb
kernel: bump 5.10 to 5.10.221 (+40,-40)
Target / bcm47xx (2 changes)
3547565
bcm47xx: fix switch setup for Linksys WRT320N v1 (+1)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
Target / bcm4908 (1 change)
61c6bc2
kernel: bump 5.10 to 5.10.213 (+41,-92)
Target / bcm53xx (5 changes)
8b32252
kernel: use upstream firmware patch for Broadcom's NVRAM (+100,-92)
41e961c
bcm53xx: backport brcm_nvram changes needed for fix patch (+89)
9b7311d
bcm53xx: add the latest fix version of brcm_nvram (+246)
a352312
kernel: bump 5.10 to 5.10.211 (+14,-73)
61c6bc2
kernel: bump 5.10 to 5.10.213 (+41,-92)
Target / bcm63xx (1 change)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
Target / bmips (1 change)
eb9eaeb
kernel: bump 5.10 to 5.10.221 (+40,-40)
Target / gemini (1 change)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
Target / ipq40xx (1 change)
7b8ccbd
ipq40xx: eap1300: add eap1300ext as alt model (+2)
Target / ipq806x (3 changes)
6121581
kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
Target / lantiq (2 changes)
Target / mediatek (6 changes)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
3f1b60a
mediatek: fix broken PCIe caused by update to 5.15.158 (+9)
Target / mpc85xx (1 change)
debf4b5
kernel: bump 5.10 to 5.10.206 (+82,-77)
Target / mvebu (2 changes)
Target / octeontx (4 changes)
c4df947
kernel: bump 5.10 to 5.10.208 (+23,-23)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
Target / oxnas (1 change)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
Target / ramips (9 changes)
ca942a5
ramips: mtk_eth_soc: allow multiple resets (+9,-8)
8b4b924
ramips: mtk_eth_soc: wait longer after FE core reset to settle (+1,-1)
37ed4c0
ramips: dts: rt3352: reset FE and ESW cores together (+4,-4)
0c84a15
ramips: dts: rt3050: reset FE and ESW cores together (+4,-4)
b80c17b
ramips: dts: rt5350: reset FE and ESW cores together (+4,-4)
5ef0111
ramips: dts: mt7628an: reset FE and ESW cores together (+4,-4)
17ee3e0
raimps: mtk_eth_soc: drop rst_esw from ESW driver (+4,-20)
6121581
kernel: bump 5.10 to 5.10.203 (+32,-135)
f2e8d59
kernel: bump 5.10 to 5.10.210 (+106,-106)
Target / realtek (2 changes)
Target / rockchip (1 change)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
Target / sunxi (1 change)
abc1245
sunxi: fix network bringup on Olinuxino Micro boards (+1,-1)
Target / x86 (4 changes)
4895ab2
x86: Fix compile problem with kernel 5.10.211 (+40)
ce37d2c
kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b
kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89
kernel: bump 5.10 to 5.10.216 (+47,-139)
Wireless / Common (6 changes)
2c67fff
mac80211: Update to version 5.15.148-1 (+142,-167)
721f026
mac80211: Add DRIVER_11AX_SUPPORT dependency to mac80211-hwsim and iwlwifi (+2,-2)
4432454
wifi-scripts: Support HE Iftypes with multiple entries (+2,-2)
06ea586
mac80211: Update to 5.15.153-1 (+80,-80)
3122bb6
mac80211: add missing config for third 160MHz width for 5GHz radio (+1)
94a605d
mac80211: Update to version 5.15.162-1 (+58,-60)
Miscellaneous (2 changes)
f5e20dd
CI: tools: macOS: sync with shared-actions for macOS 14 (+8,-25)
f457cd6
.gitignore: ignore link if target is included from feed (+1)
Security fixes
CVE-2014-5461
Description: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461
Commits:
bf3ea23
lua: fix CVE-2014-5461 (+48,-26)
CVE-2023-6935
Description: wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935
Commits:
ea430dd
wolfssl: update to 5.6.6 (+3,-3)
CVE-2023-6936
Description: In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936
Commits:
ea430dd
wolfssl: update to 5.6.6 (+3,-3)
CVE-2023-6937
Description: wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937
Commits:
ea430dd
wolfssl: update to 5.6.6 (+3,-3)
CVE-2023-22655
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22655
Commits:
b550f7b
firmware: intel-microcode: update to 20240312 (+2,-2)
CVE-2023-23583
Description: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583
Commits:
a086650
firmware: intel-microcode: update to 20231114 (+2,-2)
CVE-2023-28746
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
Commits:
b550f7b
firmware: intel-microcode: update to 20240312 (+2,-2)
CVE-2023-36328
Description: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36328
Commits:
38cea0b
dropbear: cherry-pick upstream patches (+337)
CVE-2023-38575
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38575
Commits:
b550f7b
firmware: intel-microcode: update to 20240312 (+2,-2)
CVE-2023-39368
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39368
Commits:
b550f7b
firmware: intel-microcode: update to 20240312 (+2,-2)
CVE-2023-43490
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43490
Commits:
b550f7b
firmware: intel-microcode: update to 20240312 (+2,-2)
CVE-2023-45733
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45733
Commits:
bd91384
firmware: intel-microcode: update to 20240531 (+2,-2)
CVE-2023-45745
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45745
Commits:
bd91384
firmware: intel-microcode: update to 20240531 (+2,-2)
CVE-2023-46103
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46103
Commits:
bd91384
firmware: intel-microcode: update to 20240531 (+2,-2)
CVE-2023-47855
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47855
Commits:
bd91384
firmware: intel-microcode: update to 20240531 (+2,-2)
CVE-2023-48795
Description: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
Commits:
38cea0b
dropbear: cherry-pick upstream patches (+337)
CVE-2023-52160
Description: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52160
Commits:
987275f
hostapd: backport fix for CVE-2023-52160 (+197)
CVE-2024-0901
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0901
Commits:
86e290e
wolfssl: Update to 5.7.0 (+3,-3)
CVE-2024-1544
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544
Commits:
591b7e9
wolfssl: Update to version 5.7.2 (+5,-3)
CVE-2024-1545
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545
Commits:
86e290e
wolfssl: Update to 5.7.0 (+3,-3)
CVE-2024-5288
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288
Commits:
591b7e9
wolfssl: Update to version 5.7.2 (+5,-3)
CVE-2024-5814
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814
Commits:
591b7e9
wolfssl: Update to version 5.7.2 (+5,-3)
CVE-2024-5991
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991
Commits:
591b7e9
wolfssl: Update to version 5.7.2 (+5,-3)
CVE-2024-23170
Description: An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170
Commits:
7f64f5b
mbedtls: security bump to version 2.28.7 (+2,-2)
CVE-2024-23775
Description: Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775
Commits:
7f64f5b
mbedtls: security bump to version 2.28.7 (+2,-2)
CVE-2024-28960
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960
Commits:
6ea1e21
mbedtls: Update to 2.28.8 (+2,-2)