From be16e38102859e8de927db8f64b1b2110a3e34d2 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 1 Dec 2018 22:46:55 +0000 Subject: [PATCH] Clarify attribution for the Bleichenbacher's Cat fix --- ChangeLog | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61ec1a46a..48310357d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,8 +7,11 @@ Security decryption that could lead to a Bleichenbacher-style padding oracle attack. In TLS, this affects servers that accept ciphersuites based on RSA decryption (i.e. ciphersuites whose name contains RSA but not - (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi - Shamir, David Wong and Yuval Yarom. CVE-2018-19608 + (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute), Robert Gillham + (University of Adelaide), Daniel Genkin (University of Michigan), + Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom + (University of Adelaide, Data61). The attack is described in more detail + in the paper available here: http://cat.eyalro.net/cat.pdf CVE-2018-19608 * In mbedtls_mpi_write_binary(), don't leak the exact size of the number via branching and memory access patterns. An attacker who could submit a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
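Review bot: In the last added line of the ChangeLog hunk, the paper URL and the CVE identifier run together as `http://cat.eyalro.net/cat.pdf CVE-2018-19608` with no punctuation between them, so tools and readers that extract URLs or CVE references from the ChangeLog may treat the CVE as part of the link; end the sentence after the URL (or move `CVE-2018-19608` to its own line, as the original entry effectively did). Consider also linking the paper over https rather than http, since the entry points readers at a description of a security vulnerability, and shortening "The attack is described in more detail in the paper available here:" to "The attack is described in detail in:" to keep the entry in the same terse register as the surrounding lines.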