Merge remote-tracking branch 'restricted/pr/670' into mbedtls-2.16-restricted * restricted/pr/670: Parse HelloVerifyRequest buffer overread: add changelog entry Parse HelloVerifyRequest: avoid buffer overread at the start Parse HelloVerifyRequest: avoid buffer overread on the cookie

commit: ef98d49997bf09f668e2b50cf689535039a48614 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Apr 09 11:56:09 2020 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Apr 09 11:56:09 2020 +0200
tree: 4bc5f652e23a2006893f500fd8c2afab34e28566
parent: 3a1b209f9edaa0b3331b92d8d94b5c60a2ccae5a [diff] [blame]
parent: afbcf97c2051f7f77db58463df4734cc1dd9a866 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 64c72a5..dc2acf7 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -8,6 +8,8 @@
      untrusted operating system attacking a secure enclave) to fully recover
      an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
      Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
+   * Fix a potentially remotely exploitable buffer overread in a
+     DTLS client when parsing the Hello Verify Request message.
 
 Bugfix
    * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
commit	ef98d49997bf09f668e2b50cf689535039a48614	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Apr 09 11:56:09 2020 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Apr 09 11:56:09 2020 +0200
tree	4bc5f652e23a2006893f500fd8c2afab34e28566
parent	3a1b209f9edaa0b3331b92d8d94b5c60a2ccae5a [diff] [blame]
parent	afbcf97c2051f7f77db58463df4734cc1dd9a866 [diff] [blame]