Merge remote-tracking branch 'restricted/pr/670' into mbedtls-2.16-restricted

* restricted/pr/670:
  Parse HelloVerifyRequest buffer overread: add changelog entry
  Parse HelloVerifyRequest: avoid buffer overread at the start
  Parse HelloVerifyRequest: avoid buffer overread on the cookie
diff --git a/ChangeLog b/ChangeLog
index 64c72a5..dc2acf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@
      untrusted operating system attacking a secure enclave) to fully recover
      an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
      Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
+   * Fix a potentially remotely exploitable buffer overread in a
+     DTLS client when parsing the Hello Verify Request message.
 
 Bugfix
    * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
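Review bot: The two added lines under the CVE-2020-10932 entry say "potentially remotely exploitable buffer overread" without stating the consequence or the conditions, whereas the entry directly above names both the attacker model and the outcome. Suggest saying what a malformed Hello Verify Request can cause on the client (for example a crash or a read of adjacent memory, whichever the analysis supports). Since the merge message lists two separate fixes (the start of the message and the cookie), the entry could also make clear that it covers both length checks. If there is a reporter or an identifier for this issue, add it in the same style as the preceding entry ("Found and reported by ...").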