Update ChangeLog

commit: e84d90181643806d91acfe39452d93bed153d67a [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed Nov 29 16:57:06 2017 +0000
committer: Hanno Becker <hanno.becker@arm.com> Fri Dec 01 10:20:47 2017 +0000
tree: 951afec1cdf491375b5a115d6663b56298a5a6c0
parent: e53dc43d3af5ff114b6e1183ca339532eadff883 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 6fdabba..1e339dc 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -10,11 +10,13 @@
      corrupt 6 bytes on the peer's heap, potentially leading to crash or
      remote code execution. This can be triggered remotely from either
      side in both TLS and DTLS.
+   * Fix implementation of truncated HMAC extension leading to
+     compatibility problems with non Mbed TLS peers and allowing
+     an offline 2^80 brute force attack on the HMAC key of a single,
+     uninterrupted (excluding session resumption) connection.
+     Found by Andreas Walz.
 
 Bugfix
-   * Fix wrong implementation of truncated HMAC extension leading to
-     compatibility problems with peers not running Mbed TLS. Found by
-     Andreas Walz.
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
    * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
commit	e84d90181643806d91acfe39452d93bed153d67a	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed Nov 29 16:57:06 2017 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Fri Dec 01 10:20:47 2017 +0000
tree	951afec1cdf491375b5a115d6663b56298a5a6c0
parent	e53dc43d3af5ff114b6e1183ca339532eadff883 [diff] [blame]