Tweak RSA vulnerability changelog entry * Correct the list of authors. * Add the CVE number. * Improve the impact description.

commit: 056f19c79f14414a7b3745d29825783dce3a85af [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 29 12:45:01 2018 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 29 12:45:01 2018 +0100
tree: efd55243ad9abe907666773ab7f610dbe36c6c66
parent: 11cdb0559e46dbe9301bd37a36d583e3d2fefd3b [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 0bb9ec0..4f90d56 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -5,9 +5,10 @@
 Security
    * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
      decryption that could lead to a Bleichenbacher-style padding oracle
-     attack. In TLS, this affects RSA-based ciphersuites without DHE or
-     ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
-     Daniel Genkin.
+     attack. In TLS, this affects servers that accept ciphersuites based on
+     RSA decryption (i.e. ciphersuites whose name contains RSA but not
+     (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
+     Shamir, David Wong and Yuval Yarom. CVE-2018-19608
 
 = mbed TLS 2.13.1 branch released 2018-09-06
commit	056f19c79f14414a7b3745d29825783dce3a85af	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Nov 29 12:45:01 2018 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Nov 29 12:45:01 2018 +0100
tree	efd55243ad9abe907666773ab7f610dbe36c6c66
parent	11cdb0559e46dbe9301bd37a36d583e3d2fefd3b [diff] [blame]