CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2026/02/16 13:50:51
Modified files:
security/polarssl: Tag: OPENBSD_7_8 Makefile distinfo
security/polarssl/patches: Tag: OPENBSD_7_8 patch-CMakeLists_txt
patch-include_mbedtls_config_h
patch-library_timing_c
security/polarssl/pkg: Tag: OPENBSD_7_8 PLIST
Log message:
MFC: SECURITY update to mbedtls-2.28.10
Update to the last release in the now unsupported 2.28 LTS branch.
- Buffer overread in TLS stream cipher suites
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
- Timing side channel in private key RSA operations.
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
- Buffer overflow in mbedtls_x509_set_extension()
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
- Insecure handling of shared memory in PSA Crypto APIs
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
- CTR_DRBG prioritized over HMAC_DRBG as the PSA DRBG
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
- Potential authentication bypass in TLS handshake
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
- TLS clients may unwittingly skip server authentication
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
