Add a ChangeLog entry for local Lucky13 variant Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: c9ebbd58435069cc74fbe4c22f6e7c45c3aced22 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Aug 20 12:17:05 2020 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 26 10:58:02 2020 +0200
tree: f86a86fb3cdbd8544ee9170d370b887017ee5a98
parent: 5b2e60dc36809e8bc3f1d79ed6c07ab0ebb99493 [diff]
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
new file mode 100644
index 0000000..5a3eed0
--- /dev/null
+++ b/ChangeLog.d/local-lucky13.txt

@@ -0,0 +1,9 @@
+Security
+   * Fix a local timing side channel vulnerability in (D)TLS record decryption
+     when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
+     those circumstances, a local attacker able to observe the state of the
+     cache could use well-chosen functions to measure the exact computation
+     time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
+     including plaintext recovery and key recovery. Found and reported by Tuba
+     Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+     (University of Florida) and Dave Tian (Purdue University).
commit	c9ebbd58435069cc74fbe4c22f6e7c45c3aced22	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Aug 20 12:17:05 2020 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed Aug 26 10:58:02 2020 +0200
tree	f86a86fb3cdbd8544ee9170d370b887017ee5a98
parent	5b2e60dc36809e8bc3f1d79ed6c07ab0ebb99493 [diff]