Add ChangeLog entry
diff --git a/ChangeLog b/ChangeLog
index 7c04ce0..b6067c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@
 = mbed TLS 2.1.x branch released xxxx-xx-xx
 
 Security
+   * Fixed unlimited overread of heap-based buffer in mbedtls_ssl_read().
+     The issue could only happen client-side with renegotiation enabled.
+     Could result in DoS (application crash) or information leak
+     (if the application layer sent data read from mbedtls_ssl_read()
+     back to the server or to a third party). Can be triggered remotely.
    * Add exponent blinding to RSA private operations as a countermeasure
      against side-channel attacks like the cache attack described in
      https://arxiv.org/abs/1702.08719v2.
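Review bot: the new Security entry says only "with renegotiation enabled", which does not tell a reader whether that means renegotiation support compiled into the library or renegotiation switched on at runtime by the client; spell out which, so users can tell from their configuration whether they are affected. The entry also opens with the past-tense "Fixed" while the entry directly below it uses the imperative "Add exponent blinding"; pick one form for the section. Unlike that neighbouring entry, which links its source, this one carries no reference; if an advisory identifier or reporter credit exists for the overread, add it here.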