Added CVE's to ChangeLogs

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2026-03-20 19:21:09 +01:00 · 2025-06-08 23:10:58 +01:00
parent df2f0aae81
commit 255c492dab
2 changed files with 2 additions and 0 deletions
--- a/ChangeLog.d/1351_lms_overread.txt
+++ b/ChangeLog.d/1351_lms_overread.txt
@@ -1,3 +1,4 @@
 Security
   * Fix a buffer overread in mbedtls_lms_import_public_key() when the input is
     less than 3 bytes. Reported by Linh Le and Ngan Nguyen from Calif.
+     CVE-2025-49601
--- a/ChangeLog.d/1353_lms_check_return_of_merkle_leaf.txt
+++ b/ChangeLog.d/1353_lms_check_return_of_merkle_leaf.txt
@@ -2,3 +2,4 @@ Security
   * Fix a vulnerability in LMS verification through which an adversary could
     get an invalid signature accepted if they could cause a hash accelerator
     to fail. Found and reported by Linh Le and Ngan Nguyen from Calif.
+     CVE-2025-49600