Add CVE IDs to security ChangeLog
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 05e4237..4ce0232 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,11 +71,13 @@
* Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
+ CVE-2024-45157
* Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
largest supported curve. In some configurations with PSA disabled,
all values of bits are affected. This never happens in internal library
calls, but can affect applications that call these functions directly.
+ CVE-2024-45158
* With TLS 1.3, when a server enables optional authentication of the
client, if the client-provided certificate does not have appropriate values
in keyUsage or extKeyUsage extensions, then the return value of
@@ -86,6 +88,7 @@
authentication anyway. Only TLS 1.3 servers were affected, and only with
optional authentication (required would abort the handshake with a fatal
alert).
+ CVE-2024-45159
Bugfix
* Fix TLS 1.3 client build and runtime when support for session tickets is