Add Changelog for the Marvin attack fix Signed-off-by: Janos Follath <janos.follath@arm.com>

commit: a865fc951ead31a8f85bbee5d7d11bfa1a28de27 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Tue Nov 21 09:57:27 2023 +0000
committer: Dave Rodgman <dave.rodgman@arm.com> Mon Jan 22 15:33:19 2024 +0000
tree: 8c9e26e26d7b22cef188a464d82d045068936919
parent: 6bcbc925bfe6f56c2d9871e34126cde37181ee14 [diff]
diff --git a/ChangeLog.d/fix-Marvin-attack.txt b/ChangeLog.d/fix-Marvin-attack.txt
new file mode 100644
index 0000000..f729304
--- /dev/null
+++ b/ChangeLog.d/fix-Marvin-attack.txt

@@ -0,0 +1,6 @@
+Security
+   * Fix a timing side channel in RSA private operations. This side channel
+     could be sufficient for a local attacker to recover the plaintext. It
+     requires the attecker to send a large number of messages for decryption.
+     For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario.
+     Reported by Hubert Kario, Red Hat.
commit	a865fc951ead31a8f85bbee5d7d11bfa1a28de27	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Tue Nov 21 09:57:27 2023 +0000
committer	Dave Rodgman <dave.rodgman@arm.com>	Mon Jan 22 15:33:19 2024 +0000
tree	8c9e26e26d7b22cef188a464d82d045068936919
parent	6bcbc925bfe6f56c2d9871e34126cde37181ee14 [diff]