Merge remote-tracking branch 'upstream-public/pr/2132' into mbedtls-2.7

commit: 93bfd1da0c089170f1a6fe5ec0bc4b8de19cc6bd [log] [tgz]
author: Jaeden Amero <jaeden.amero@arm.com> Thu Dec 06 16:06:21 2018 +0000
committer: Jaeden Amero <jaeden.amero@arm.com> Thu Dec 06 16:06:21 2018 +0000
tree: 13c4f9805ee3b391d9077a6e0ad94258fcd1d89c
parent: 5e264e37d89b246296e746ff8554749f7de3b034 [diff] [blame]
parent: 7cf2857828dd2a97c70cc441465f9c342e4e774d [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index c014bbf..568d5db 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -9,6 +9,9 @@
    * Fix runtime error in `mbedtls_platform_entropy_poll()` when run
      through qemu user emulation. Reported and fix suggested by randombit
      in #1212. Fixes #1212.
+   * Fix an unsafe bounds check when restoring an SSL session from a ticket.
+     This could lead to a buffer overflow, but only in case ticket authentication
+     was broken. Reported and fix suggested by Guido Vranken in #659.
 
 = mbed TLS 2.7.8 branch released 2018-11-30
commit	93bfd1da0c089170f1a6fe5ec0bc4b8de19cc6bd	[log] [tgz]
author	Jaeden Amero <jaeden.amero@arm.com>	Thu Dec 06 16:06:21 2018 +0000
committer	Jaeden Amero <jaeden.amero@arm.com>	Thu Dec 06 16:06:21 2018 +0000
tree	13c4f9805ee3b391d9077a6e0ad94258fcd1d89c
parent	5e264e37d89b246296e746ff8554749f7de3b034 [diff] [blame]
parent	7cf2857828dd2a97c70cc441465f9c342e4e774d [diff] [blame]