Changelogs: Added CVEs
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt
index 87bc596..6b744a7 100644
--- a/ChangeLog.d/fix-string-to-names-memory-management.txt
+++ b/ChangeLog.d/fix-string-to-names-memory-management.txt
@@ -10,6 +10,7 @@
were affected (use-after-free if the san string contains more than one DN).
Code that does not call mbedtls_string_to_names() directly is not affected.
Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-47917
Changes
* The function mbedtls_x509_string_to_names() now requires its head argument
diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt
index e517cbb..b088468 100644
--- a/ChangeLog.d/fix-string-to-names-store-named-data.txt
+++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt
@@ -6,3 +6,5 @@
users of the output structure, such as mbedtls_x509_write_names(). This
only affects applications that create (as opposed to consume) X.509
certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-48965
+
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
index b81fb42..506f2bd 100644
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
@@ -9,3 +9,4 @@
authentication anyway. Only TLS 1.3 servers were affected, and only with
optional authentication (required would abort the handshake with a fatal
alert).
+ CVE-2024-45159
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
index 250a5ba..05f375d 100644
--- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
@@ -14,3 +14,5 @@
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if mbedtls_ssl_set_hostname() has not been called.
Reported by Daniel Stenberg.
+ CVE-2025-27809
+