From 056f19c79f14414a7b3745d29825783dce3a85af Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 29 Nov 2018 12:45:01 +0100
Subject: [PATCH] Tweak RSA vulnerability changelog entry

* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
---
 ChangeLog | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0bb9ec04a..4f90d560b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,9 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Security
    * Fix timing variations and memory access variations in RSA PKCS#1 v1.5
      decryption that could lead to a Bleichenbacher-style padding oracle
-     attack. In TLS, this affects RSA-based ciphersuites without DHE or
-     ECDHE. Reported by Yuval Yarom, Eyal Ronen, Adi Shamir, David Wong and
-     Daniel Genkin.
+     attack. In TLS, this affects servers that accept ciphersuites based on
+     RSA decryption (i.e. ciphersuites whose name contains RSA but not
+     (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
+     Shamir, David Wong and Yuval Yarom. CVE-2018-19608
 
 = mbed TLS 2.13.1 branch released 2018-09-06