From 453fd05333bc36714059962c2586a10e0508b71b Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 14 Oct 2024 11:03:24 +0200
Subject: [PATCH] Changelog entry for security fix

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 ChangeLog | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 8eb43fe65c..69ab250148 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS 3.6.2 branch released 2024-10-14
+
+Security
+   * Fix a buffer underrun in mbedtls_pk_write_pubkey_der() when
+     called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+     and the output buffer is smaller than the actual output.
+     Fix a related buffer underrun in mbedtls_pk_write_pubkey_pem()
+     when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+     and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+     CVE-2024-49195
+
 = Mbed TLS 3.6.1 branch released 2024-08-30
 
 API changes