Add CVE IDs to security ChangeLog

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-04-15 23:42:41 +00:00 · 2024-08-28 19:04:26 +01:00 · 2024-08-28 19:04:26 +01:00 · fedf9a2096
commit fedf9a2096
parent 18f3bebb6f
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@ -71,11 +71,13 @@ Security
   * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
     not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
     MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
+     CVE-2024-45157
   * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
     mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
     largest supported curve. In some configurations with PSA disabled,
     all values of bits are affected. This never happens in internal library
     calls, but can affect applications that call these functions directly.
+     CVE-2024-45158
   * With TLS 1.3, when a server enables optional authentication of the
     client, if the client-provided certificate does not have appropriate values
     in keyUsage or extKeyUsage extensions, then the return value of
@ -86,6 +88,7 @@ Security
     authentication anyway. Only TLS 1.3 servers were affected, and only with
     optional authentication (required would abort the handshake with a fatal
     alert).
+     CVE-2024-45159

 Bugfix
   * Fix TLS 1.3 client build and runtime when support for session tickets is