Tweak RSA vulnerability changelog entry * Correct the list of authors. * Add the CVE number. * Improve the impact description.

commit: cc47d6c595ba6bb7e15713abe0b9361bf663bb97 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 29 12:45:01 2018 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 29 12:47:50 2018 +0100
tree: 15b0b35acc097cd28210fac2211a536419f9e91e
parent: f1a8eeb0a65163b70b6f74bdafc016ffba1cb889 [diff]
diff --git a/ChangeLog b/ChangeLog
index 98b95ca..a60799d 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -5,9 +5,10 @@
 Security
    * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
      decryption that could lead to a Bleichenbacher-style padding oracle
-     attack. In TLS, this affects RSA-based ciphersuites without DHE or
-     ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
-     Daniel Genkin.
+     attack. In TLS, this affects servers that accept ciphersuites based on
+     RSA decryption (i.e. ciphersuites whose name contains RSA but not
+     (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
+     Shamir, David Wong and Yuval Yarom. CVE-2018-19608
 
 Bugfix
     * Fix failure in hmac_drbg in the benchmark sample application, when
commit	cc47d6c595ba6bb7e15713abe0b9361bf663bb97	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Nov 29 12:45:01 2018 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Nov 29 12:47:50 2018 +0100
tree	15b0b35acc097cd28210fac2211a536419f9e91e
parent	f1a8eeb0a65163b70b6f74bdafc016ffba1cb889 [diff]