Add ChangeLog entry

commit: bf4c2e3f79176800704e5f27cb549790b6c736ec [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Fri Jun 09 11:28:45 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Fri Jun 09 11:28:45 2017 +0100
tree: 80671bbaf60ff5e5ec71b8e7bf076d17d8aa30bb
parent: bdf3905fff532500f1f4f836e30baa664ef9fd93 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 08edd77..9dcc3f2 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,6 +3,11 @@
 = mbed TLS 2.x.x branch released xxxx-xx-xx
 
 Security
+   * Fixed unlimited overread of heap-based buffer in mbedtls_ssl_read().
+     The issue could only happen client-side with renegotiation enabled.
+     Could result in DoS (application crash) or information leak
+     (if the application layer sent data read from mbedtls_ssl_read()
+     back to the server or to a third party). Can be triggered remotely.
    * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
      certificate verification. SHA-1 can be turned back on with a compile-time
      option if needed.
commit	bf4c2e3f79176800704e5f27cb549790b6c736ec	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Fri Jun 09 11:28:45 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Fri Jun 09 11:28:45 2017 +0100
tree	80671bbaf60ff5e5ec71b8e7bf076d17d8aa30bb
parent	bdf3905fff532500f1f4f836e30baa664ef9fd93 [diff] [blame]