TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / ci / tf-a-ci-scripts / a15983f71d9c03baf57fbf817f627fdb49b36d08^! / . / script / tf-coverity / common-def.sh
commita15983f71d9c03baf57fbf817f627fdb49b36d08[log] [tgz]
authorRyan Everett <ryan.everett@arm.com>Tue Nov 26 11:43:36 2024 +0000
committerYann Gautier <yann.gautier@st.com>Fri Feb 14 16:12:15 2025 +0100
tree45a81fc766fa1829f73f6d103c37dce3ca26642a
parentd2e30a958bed1b796c20c3fe15a74b5c3a379c8b [diff] [blame]
Update mbedtls to version 3.6.2

This new update to the LTS branch of MbedTLS provides
the fix for a buffer underrun vulnerability. TF-A does
not use the previously vulnerable functions
`mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Change-Id: I3496fbe54c3d85f7a5330b49cd77ccd16f7cb7fa
(cherry picked from commit f3eb26844acefd8e78e1b69e99eeecca9b21ac08)

diff --git a/script/tf-coverity/common-def.sh b/script/tf-coverity/common-def.sh
index 98edb06..bec96fc 100644
--- a/script/tf-coverity/common-def.sh
+++ b/script/tf-coverity/common-def.sh

@@ -79,7 +79,7 @@
 
 # mbed TLS source tag to checkout when building Trusted Firmware with
 # cryptography support (e.g. for Trusted Board Boot feature).
-MBED_TLS_SOURCES_TAG="mbedtls-3.6.1"
+MBED_TLS_SOURCES_TAG="mbedtls-3.6.2"
 
 # TF-M variables
 TF_M_TESTS_DIR=tf-m-tests