From b9c09af596a6bcae60eb4c43284f06c8420530c5 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 9 Jun 2017 11:31:43 +0100
Subject: [PATCH] Add ChangeLog entry

---
 ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 3220df9a2..2579c3c3c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 1.3.x branch released xxxx-xx-xx
 
 Security
+   * Fixed unlimited overread of heap-based buffer in ssl_read().
+     The issue could only happen client-side with renegotiation enabled.
+     Could result in DoS (application crash) or information leak
+     (if the application layer sent data read from ssl_read()
+     back to the server or to a third party). Can be triggered remotely.
    * Add exponent blinding to RSA private operations as a countermeasure
      against side-channel attacks like the cache attack described in
      https://arxiv.org/abs/1702.08719v2.