Add CVE IDs to Changelog

Signed-off-by: Janos Follath <janos.follath@arm.com>
2025-04-15 23:42:41 +00:00 · 2024-03-14 09:38:03 +00:00 · 2024-03-14 09:38:03 +00:00 · 9edd7fd002
commit 9edd7fd002
parent 5aef299006
2 changed files with 2 additions and 0 deletions
--- a/ChangeLog.d/tls-max-version-reset.txt
+++ b/ChangeLog.d/tls-max-version-reset.txt
@ -4,3 +4,4 @@ Security
     An attacker was able to prevent an Mbed TLS server from establishing any
     TLS 1.3 connection potentially resulting in a Denial of Service or forced
     version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
+     Fixes CVE-2024-28755.
--- a/ChangeLog.d/tls13-only-server.txt
+++ b/ChangeLog.d/tls13-only-server.txt
@ -8,3 +8,4 @@ Security
     - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
       was able to successfully establish a TLS 1.2 connection with the server.
       Reported by alluettiv on GitHub.
+    Fixes CVE-2024-28836.