From 9edd7fd002f64193e125f966bb6dd5111aef2f7a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 14 Mar 2024 09:38:03 +0000 Subject: [PATCH] Add CVE IDs to Changelog Signed-off-by: Janos Follath --- ChangeLog.d/tls-max-version-reset.txt | 1 + ChangeLog.d/tls13-only-server.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/ChangeLog.d/tls-max-version-reset.txt b/ChangeLog.d/tls-max-version-reset.txt index 2fa58168c2..b7c81eb65b 100644 --- a/ChangeLog.d/tls-max-version-reset.txt +++ b/ChangeLog.d/tls-max-version-reset.txt @@ -4,3 +4,4 @@ Security An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. + Fixes CVE-2024-28755. diff --git a/ChangeLog.d/tls13-only-server.txt b/ChangeLog.d/tls13-only-server.txt index 9583bfb331..736896e89a 100644 --- a/ChangeLog.d/tls13-only-server.txt +++ b/ChangeLog.d/tls13-only-server.txt @@ -8,3 +8,4 @@ Security - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client was able to successfully establish a TLS 1.2 connection with the server. Reported by alluettiv on GitHub. + Fixes CVE-2024-28836.
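Review bot: In ChangeLog.d/tls-max-version-reset.txt the entry now ends with two separate "Fixes" sentences, "Fixes #8654 reported by hey3e." and "Fixes CVE-2024-28755.", which reads as two unrelated fixes rather than one issue that was assigned a CVE. Consider folding them into a single sentence, for example "Fixes #8654 (CVE-2024-28755), reported by hey3e.", so that a search of the changelog for the CVE ID lands on the issue number and the reporter credit together.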
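Review bot: In ChangeLog.d/tls13-only-server.txt the added "Fixes CVE-2024-28836." follows a list item ("- If the TLS 1.2 implementation was disabled at runtime, ...") and its "Reported by alluettiv on GitHub." credit, so from the visible lines it is unclear whether the CVE covers only that item or the whole Security entry, whose earlier lines fall outside this hunk. State the scope explicitly: keep the line at entry level if the CVE covers every item, or attach it to the specific item it belongs to. The commit message body could also record which CVE ID goes with which changelog file, since the subject "Add CVE IDs to Changelog" alone does not.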