Add ChangeLog entry

commit: dfa4d7187320cb99fb0a27fdae4702af5c33c1e1 [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Mon Nov 11 14:18:18 2019 +0000
committer: Janos Follath <janos.follath@arm.com> Mon Nov 11 14:18:18 2019 +0000
tree: 334cc8bad00116c7502e4fccf45b7b0fc88076d2
parent: b4edac561626719ea0af952196024198fd81184d [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 16982a0..ee020ab 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,12 @@
 
 = mbed TLS 2.7.x branch released xxxx-xx-xx
 
+Security
+   * Fix side channel vulnerability in ECDSA key generation. Obtaining precise
+     timings on the comparison in the key generation enabled the attacker to
+     learn leading bits of the ephemeral key used during ECDSA signatures and to
+     recover the private key.
+
 Changes
    * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
      from the cipher abstraction layer. Fixes #2198.
commit	dfa4d7187320cb99fb0a27fdae4702af5c33c1e1	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Mon Nov 11 14:18:18 2019 +0000
committer	Janos Follath <janos.follath@arm.com>	Mon Nov 11 14:18:18 2019 +0000
tree	334cc8bad00116c7502e4fccf45b7b0fc88076d2
parent	b4edac561626719ea0af952196024198fd81184d [diff] [blame]