Adapt ChangeLog

commit: b09c5721f57d6988ec4a1dadeac7e6cc6ca65b9c [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Mon Nov 20 10:43:35 2017 +0000
committer: Hanno Becker <hanno.becker@arm.com> Mon Nov 20 10:43:48 2017 +0000
tree: 0a6cb95315792f6fbad0eddaf1cbee5aff4322e6
parent: ce516ff449d9e2eeaaf917a85de78ee1ca0efa13 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 1b01eb6..e5ba213 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,6 +3,14 @@
 
 = mbed TLS 2.1.10 branch released 2017-xx-xx
 
+Security
+   * Fix heap corruption in implementation of truncated HMAC extension.
+     When the truncated HMAC extension is enabled and CBC is used,
+     sending a malicious application packet can be used to selectively
+     corrupt 6 bytes on the peer's heap, potentially leading to crash or
+     remote code execution. This can be triggered remotely from either
+     side in both TLS and DTLS.
+
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
commit	b09c5721f57d6988ec4a1dadeac7e6cc6ca65b9c	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Mon Nov 20 10:43:35 2017 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Mon Nov 20 10:43:48 2017 +0000
tree	0a6cb95315792f6fbad0eddaf1cbee5aff4322e6
parent	ce516ff449d9e2eeaaf917a85de78ee1ca0efa13 [diff] [blame]