Merge remote-tracking branch 'restricted/pr/670' into mbedtls-2.16-restricted
* restricted/pr/670:
Parse HelloVerifyRequest buffer overread: add changelog entry
Parse HelloVerifyRequest: avoid buffer overread at the start
Parse HelloVerifyRequest: avoid buffer overread on the cookie
diff --git a/ChangeLog b/ChangeLog
index 64c72a5..dc2acf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@
untrusted operating system attacking a secure enclave) to fully recover
an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
+ * Fix a potentially remotely exploitable buffer overread in a
+ DTLS client when parsing the Hello Verify Request message.
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and