Changelog entry for PSA CBC-PKCS7 padding oracle fix Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 2d666646bace4de2fce0f8dd9f95df560dd55f73 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Aug 07 23:07:31 2025 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Sep 08 12:22:39 2025 +0200
tree: cd697dfdbdc3931688585c81e341dba0751efba3
parent: 04dfd704325a6dbc2a13eb7f418eaca9ae9ca549 [diff]
diff --git a/ChangeLog.d/pkcs7-padding-error-leak.txt b/ChangeLog.d/pkcs7-padding-error-leak.txt
new file mode 100644
index 0000000..5d204d5
--- /dev/null
+++ b/ChangeLog.d/pkcs7-padding-error-leak.txt

@@ -0,0 +1,5 @@
+Security
+   * Fix a timing side channel in CBC-PKCS7 decryption that could
+     allow an attacker who can submit chosen ciphertexts to recover
+     some plaintexts through a timing-based padding oracle attack.
+     Credits to Beat Heeb from Oberon microsystems AG. CVE-TODO
commit	2d666646bace4de2fce0f8dd9f95df560dd55f73	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Aug 07 23:07:31 2025 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Sep 08 12:22:39 2025 +0200
tree	cd697dfdbdc3931688585c81e341dba0751efba3
parent	04dfd704325a6dbc2a13eb7f418eaca9ae9ca549 [diff]