From 79d1cadbcb4d0f44f42fe44e5c962c8dd14889d8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Jun 2024 10:59:55 +0200 Subject: [PATCH] Improve description of who is affected Signed-off-by: Gilles Peskine --- ChangeLog.d/ecdsa-conversion-overflow.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt index 00cac06513..83b7f2f88b 100644 --- a/ChangeLog.d/ecdsa-conversion-overflow.txt +++ b/ChangeLog.d/ecdsa-conversion-overflow.txt @@ -1,4 +1,6 @@ Security * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when curve_bits is larger than the - largest supported curve. + mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the + largest supported curve. In some configurations with PSA disabled, + all values of bits are affected. This never happens in internal library + calls, but can affect applications that call these functions directly.
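Review bot: In the added ChangeLog text, "In some configurations with PSA disabled, all values of bits are affected" does not say which configurations. An application maintainer reading the entry cannot tell whether their build is in the all-values case, so name the build option or condition that puts a build there. The next sentence opens with "This never happens", and "This" could mean either the overflow itself or a caller passing an oversized bits value. Stating the subject explicitly, for example "The overflow never happens in internal library calls", would remove the ambiguity. Since the entry now tells applications that call mbedtls_ecdsa_der_to_raw() or mbedtls_ecdsa_raw_to_der() directly that they can be affected, it would also help to say what such a caller should check about bits before upgrading.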