Changelog entry for security fix

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-04-16 08:42:50 +00:00 · 2024-10-14 11:03:24 +02:00 · 2024-10-14 11:03:24 +02:00 · e298eeb739
commit e298eeb739
parent 63348bed30
1 changed files with 8 additions and 0 deletions
--- a/ChangeLog.d/9690.txt
+++ b/ChangeLog.d/9690.txt
@ -0,0 +1,8 @@
+Security
+   * Fix a buffer underrun in mbedtls_pk_write_pubkey_der() when
+     called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+     and the output buffer is smaller than the actual output.
+     Fix a related buffer underrun in mbedtls_pk_write_pubkey_pem()
+     when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+     and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+     CVE-2024-49195