Accepting request 478689 from devel:libraries:c_c++

- Update to version 2.4.2:

OBS-URL: https://build.opensuse.org/request/show/478689
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mbedtls?expand=0&rev=11

mbedtls.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Sat Mar 11 15:50:12 UTC 2017 - mpluskal@suse.com
+
+- Update to version 2.4.2:
+  * Add checks to prevent signature forgeries for very large messages while
+    using RSA through the PK module in 64-bit systems. The issue was caused by
+    some data loss when casting a size_t to an unsigned int value in the
+    functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
+    mbedtls_pk_sign(). Found by Jean-Philippe Aumasson.
+  * Fixed potential livelock during the parsing of a CRL in PEM format in
+    mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
+    characters after the footer could result in the execution of an infinite
+    loop. The issue can be triggered remotely. Found by Greg Zaverucha,
+    Microsoft.
+  * Removed MD5 from the allowed hash algorithms for CertificateRequest and
+    CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
+    Introduced by interoperability fix for #513.
+  * Fixed a bug that caused freeing a buffer that was allocated on the stack,
+    when verifying the validity of a key on secp224k1. This could be
+    triggered remotely for example with a maliciously constructed certificate
+    and potentially could lead to remote code execution on some platforms.
+    Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos
+    team. #569 CVE-2017-2784 (boo#1029017)
+
 -------------------------------------------------------------------
 Sun Nov 13 18:18:58 UTC 2016 - mpluskal@suse.com