Merge pull request #1535 from Mbed-TLS/release/changelog_fixes_3.6.6

[Release] Added attributions & CVE to ChangeLogs (3.6 LTS)
minosgalanakis
2026-03-26 17:38:26 +00:00
committed by GitHub
3 changed files with 5 additions and 3 deletions


@@ -3,4 +3,5 @@ Security
PSA_ALG_FFDH: low-order elements were not rejected as they should be. This
is a problem for protocols using FFDH that expect contributory behaviour,
that is, where neither party should be able to force the shared secret
into a small set.
into a small set. Reported independently by Eva Crystal (0xiviel) and
+ another reporter.
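
Review bot: The attribution added at the end of the PSA_ALG_FFDH entry names Eva Crystal (0xiviel) but leaves the second finder as "another reporter", which gives readers nothing to cross-reference. If that reporter asked not to be named, wording such as "and a reporter who wishes to remain anonymous" would make the omission read as deliberate; otherwise add the name. The phrasing "Reported independently by" also differs from the "Found and reported by" form used in the other two entries of this change, so consider aligning them.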


@@ -1,4 +1,5 @@
Security
* Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when
mbedtls_calloc() fails to allocate memory. This was caused by failing to
check whether mbedtls_calloc() returned NULL.
check whether mbedtls_calloc() returned NULL. Found and reported by
Haruto Kimura (Stella).
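
Review bot: The mbedtls_x509_string_to_names() entry gains an attribution but no CVE identifier, although the pull request title says CVEs are being added and the x509_inet_pton_ipv6() entry receives one. Please confirm that no CVE was assigned for this NULL pointer dereference, and if one exists, add it after the attribution sentence.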


@@ -2,4 +2,4 @@ Security
* Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases
(e.g. on platforms with memory protection when the overread crosses page
boundary) this could lead to DoS. Found and reported by Haruto Kimura
(Stella).
(Stella). CVE-2026-25833
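
Review bot: The CVE identifier on the last line of the x509_inet_pton_ipv6() entry is appended as a bare token after the attribution, with no terminating full stop, while every other sentence in the entry ends with one. Consider "(Stella). CVE-2026-25833." or folding the identifier into a sentence so the entry stays consistently punctuated. Separately, the entry text uses both "buffer underflow" and "overread" for the same bug; settling on one term would make the impact easier to assess.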