Add ChangeLog entry for previous security fix Fixes #825

commit: 9a37e0f3bee3cb82273fa34750603c16524955e5 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Sep 25 10:51:32 2017 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Mar 05 13:26:28 2018 +0100
tree: f3b17f75477c0790fea3f773de3b3eba5980a10f
parent: 2e7fee09da8b00c58effd3f1957eece9514a8be9 [diff]
diff --git a/ChangeLog b/ChangeLog
index 51ad727..0e864d1 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,15 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+   * Fix a bug in the X.509 module potentially leading to a buffer overread
+     during CRT verification or to invalid or omitted checks for certificate
+     validity. The former can be triggered remotely, while the latter requires
+     a non DER-compliant certificate correctly signed by a trusted CA, or a
+     trusted CA with a non DER-compliant certificate. Found by luocm on GitHub.
+     Fixes #825.
+
 = mbed TLS 2.7.1 branch released 2018-02-23
 
 Default behavior changes
commit	9a37e0f3bee3cb82273fa34750603c16524955e5	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Sep 25 10:51:32 2017 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Mar 05 13:26:28 2018 +0100
tree	f3b17f75477c0790fea3f773de3b3eba5980a10f
parent	2e7fee09da8b00c58effd3f1957eece9514a8be9 [diff]