Added CVE code to ChangeLog

author: Simon Butcher <simon.butcher@arm.com> 2015-10-05 17:34:19 +0100
committer: Simon Butcher <simon.butcher@arm.com> 2015-10-05 17:34:19 +0100
commit: 8b846b88047fd15947d669692cfc567f4202882e (patch)
tree: 35011cf02ec3de836f9dd9b5215538a9e10eb814
parent: ac4461f783ea526c9a57b1c88702a1dbb2da6076 (diff)
download: mbedtls-8b846b88047fd15947d669692cfc567f4202882e.zip
mbedtls-8b846b88047fd15947d669692cfc567f4202882e.tar.gz
mbedtls-8b846b88047fd15947d669692cfc567f4202882e.tar.bz2
1 files changed, 3 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 459897a..ce5b2c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,9 @@ PolarSSL ChangeLog
 = Version 1.2.17 released 2015-10-xx
 
 Security
-   * Fix possible heap buffer overflow in SSL if a very long hostname is used.
-     Can be trigerred remotely if you accept hostnames from untrusted parties.
-     Found by Guido Vranken, Intelworks.
+   * Fix for CVE-2015-5291. Possible heap buffer overflow in SSL if a very long
+     hostname is used. Can be trigerred remotely if you accept hostnames from
+     untrusted parties. Found by Guido Vranken, Intelworks.
    * Fix stack buffer overflow in pkcs12 decryption (used by
      mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by
      Guido Vranken, Intelworks. Not triggerable remotely.
author	Simon Butcher <simon.butcher@arm.com>	2015-10-05 17:34:19 +0100
committer	Simon Butcher <simon.butcher@arm.com>	2015-10-05 17:34:19 +0100
commit	8b846b88047fd15947d669692cfc567f4202882e (patch)
tree	35011cf02ec3de836f9dd9b5215538a9e10eb814
parent	ac4461f783ea526c9a57b1c88702a1dbb2da6076 (diff)
download	mbedtls-8b846b88047fd15947d669692cfc567f4202882e.zip mbedtls-8b846b88047fd15947d669692cfc567f4202882e.tar.gz mbedtls-8b846b88047fd15947d669692cfc567f4202882e.tar.bz2