PolarSSL 1.2.14 has been released!
Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting this will be made in the 1.2 branch at this point.
This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch.
Most important are the security fixes that have been back-ported to the 1.2 branch. PolarSSL 1.2.14 fixes one remotely-triggerable issues that was found by the Codenomicon Defensics tool, one potential remote crash and countermeasures against the "Lucky 13 strikes back" cache-based attack.
- Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
hardclock()(only used in the benchmarking program) with some versions of mingw64 (found by kxjhlele).
- Fix warnings from mingw64 in timing.c (found by kxjklele).
- Fix potential unintended sign extension in
asn1_get_len()on 64-bit platforms (found with Coverity Scan).
Who should update
We advise users of PolarSSL to update if they:
- use any branch other than the 1.3 branch.
Get your copy here: polarssl-1.2.14-gpl.tgz
The hashes for polarssl-1.2.14-gpl.tgz are:
SHA-1 : d04601b06aadfa15b581e1d741eda6222baa99a2 SHA-256: d7cbd8314aa3a5441f6282d13d07df610f49b4bc678088b04188adf093d17d37