Fix stack buffer overflow in pkcs12

commit: 73011bba956e27b6c5a934cfbeaf3d2c429c9c2c [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Sep 28 18:34:48 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Oct 01 16:57:47 2015 +0200
tree: 5a069ffc8d98895e9de9fda0c5de78e352c0136e
parent: 2cf969678555c21cc16c0601dce8de8f902eb55f [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 6f8181b..b496e02 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 PolarSSL ChangeLog
 
+= Version 1.2.16 released 2015-10-??
+
+Security
+   * Fix stack buffer overflow in pkcs12 decryption (used by
+     mbedtls_pk_parse_key(file)() when the password is > 129 bytes.
+     Found by Guido Vranken. Not triggerable remotely.
+
 = Version 1.2.16 released 2015-09-17
 
 Security
commit	73011bba956e27b6c5a934cfbeaf3d2c429c9c2c	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Sep 28 18:34:48 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Oct 01 16:57:47 2015 +0200
tree	5a069ffc8d98895e9de9fda0c5de78e352c0136e
parent	2cf969678555c21cc16c0601dce8de8f902eb55f [diff] [blame]