Hi Innocenti,
The official list of defects is available on github: https://github.com/ARMmbed/mbedtls/issues?q=is%3Aissue+is%3Aopen+label%3Abug
The revision of fixing is in the Bugfix sections of the ChangeLog file in the source. Eg. for the latest release: https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.24.0/ChangeLog The entries here usually reference the issue number they fixed.
Is this something that you can use for your evaluation?
Regards, Janos
From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org on behalf of "Innocenti, Michele via mbed-tls" mbed-tls@lists.trustedfirmware.org Reply to: "Innocenti, Michele" michele_innocenti@baxter.com Date: Thursday, 1 October 2020 at 14:04 To: "mbed-tls@lists.trustedfirmware.org" mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Official bug list
Hi,
We are evaluating Mbed TLS library and we need to know if it’s available an official list of defects and revision of fixing.
I’m not looking for CVEs but for bugs in the library.
Thanks! Michele