AVG-1104 log

Package mbedtls
Status Fixed
Severity High
Type private key recovery
Affected 2.16.3-1
Fixed 2.16.5-1
Current 2.16.5-1 [community]
Ticket None
Created Tue Feb 25 15:59:28 2020
Issue Severity Remote Type Description
CVE-2019-18222 High No Private key recovery
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto before 3.0.1 and Mbed TLS before 2.20.0, 2.16.4 or 2.7.13 does not reduce the blinded...
Date Advisory Package Description
11 Mar 2020 ASA-202003-7 mbedtls private key recovery
References
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
Notes
Please take a look at https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 also, there was no CVE as of 2020/02/25 ;)