Merge pull request #1201 from yanesca/add-cve-ids-to-changelog
Add CVE IDs to Changelog
diff --git a/ChangeLog.d/tls-max-version-reset.txt b/ChangeLog.d/tls-max-version-reset.txt
index 2fa5816..b7c81eb 100644
--- a/ChangeLog.d/tls-max-version-reset.txt
+++ b/ChangeLog.d/tls-max-version-reset.txt
@@ -4,3 +4,4 @@
An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
+ Fixes CVE-2024-28755.
diff --git a/ChangeLog.d/tls13-only-server.txt b/ChangeLog.d/tls13-only-server.txt
index 9583bfb..736896e 100644
--- a/ChangeLog.d/tls13-only-server.txt
+++ b/ChangeLog.d/tls13-only-server.txt
@@ -8,3 +8,4 @@
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.
+ Fixes CVE-2024-28836.