Add change log Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: e0d7367a9ed3e6096914686c19f8175d00de44a5 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Fri Jun 17 15:38:26 2022 +0200
committer: Ronald Cron <ronald.cron@arm.com> Mon Jun 27 09:28:49 2022 +0200
tree: aed8526d866273aecf576a961cf8266c45047b6b
parent: 2b1a43c1011a03ae0050273b390cccd6d78853fc [diff]
diff --git a/ChangeLog.d/tls13-add-missing-overread-check.txt b/ChangeLog.d/tls13-add-missing-overread-check.txt
new file mode 100644
index 0000000..4552cd7
--- /dev/null
+++ b/ChangeLog.d/tls13-add-missing-overread-check.txt

@@ -0,0 +1,8 @@
+Security
+    * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
+      client or server could cause an MbedTLS server or client to overread up
+      to 64 kBytes of data and potentially overread the input buffer by that
+      amount minus the size of the input buffer. As overread data undergoes
+      various checks, the likelihood of reaching the boundary of the input
+      buffer is rather small but increases as its size
+      MBEDTLS_SSL_IN_CONTENT_LEN decreases.
commit	e0d7367a9ed3e6096914686c19f8175d00de44a5	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Fri Jun 17 15:38:26 2022 +0200
committer	Ronald Cron <ronald.cron@arm.com>	Mon Jun 27 09:28:49 2022 +0200
tree	aed8526d866273aecf576a961cf8266c45047b6b
parent	2b1a43c1011a03ae0050273b390cccd6d78853fc [diff]