Merge multiple backported vulnerability fixes
diff --git a/ChangeLog b/ChangeLog
index ddba5c0..d8d6798 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,14 +3,37 @@
 = mbed TLS 1.3.14 released 2015-10-xx
 
 Security
-   * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
-     overflow of the hostname or session ticket. (Found by Guido Vranken)
+   * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
+     overflow of the hostname or session ticket. Found by Guido Vranken,
+     Intelworks.
+   * Fix stack buffer overflow in pkcs12 decryption (used by
+     mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by
+     Guido Vranken, Intelworks. Not triggerable remotely.
+   * Fix potential buffer overflow in mbedtls_mpi_read_string().
+     Found by Guido Vranken, Intelworks. Not exploitable remotely in the context
+     of TLS, but might be in other uses. On 32 bit machines, requires reading a
+     string of close to or larger than 1GB to exploit; on 64 bit machines, would
+     require reading a string of close to or larger than 2^62 bytes.
+   * Fix potential random memory allocation in mbedtls_pem_read_buffer()
+     on crafted PEM input data. Found and fix provided by Guido Vranken,
+     Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you
+     accept PEM data from an untrusted source.
+   * Fix potential double-free if ssl_set_psk() is called repeatedly on
+     the same ssl_context object and some memory allocations fail. Found by
+     Guido Vranken, Intelworks. Can not be forced remotely.
+   * Fix possible heap buffer overflow in base64_encode() when the input
+     buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
+     Intelworks. Found by Guido Vranken. Not trigerrable remotely in TLS.
+   * Fix potential heap buffer overflow in servers that perform client
+     authentication against a crafted CA cert. Cannot be triggered remotely
+     unless you allow third parties to pick trust CAs for client auth. Found by
+     Guido Vranken, Intelworks.
 
 Changes
    * Added checking of hostname length in ssl_set_hostname() to ensure domain
      names are compliant with RFC 1035.
 
-= mbed TLS 1.3.13 reladsed 2015-09-17
+= mbed TLS 1.3.13 released 2015-09-17
 
 Security
    * Fix possible client-side NULL pointer dereference (read) when the client
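Review bot: In the new Security entries for 1.3.14, the base64_encode() item carries its credit twice ("Found by Guido Vranken, Intelworks. Found by Guido Vranken.") and spells "triggerable" as "trigerrable"; drop the second credit and fix the spelling. The pkcs12 item opens a parenthesis at "(used by" that is never closed, and "mbedtls_pk_parse_key(file)()" reads oddly; something like "(used by mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile())" would be clearer, if those are the two functions meant. The function names are also inconsistent within this one release entry: three items use the mbedtls_ prefix (mbedtls_pk_parse_key, mbedtls_mpi_read_string, mbedtls_pem_read_buffer) while ssl_set_psk(), base64_encode() and ssl_set_hostname() do not. Since this is a backport, please check each name against the API this branch actually exports so users can find the affected calls. Finally, only the hostname/session ticket item cites a CVE id; if the other fixes have identifiers assigned, list them here, and the "2015-10-xx" release date placeholder still needs filling before release.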