From 70807520ec5e905cf1bb49296dc92a7638a03e42 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 25 Mar 2025 14:01:40 +0000 Subject: [PATCH] Add missing credit for set_hostname issue Correctly credit Daniel Stenberg for reporting the problem with mbedtls_ssl_set_hostname(). Signed-off-by: David Horstmann --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index e673c704fd..5cadd2b007 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,7 @@ Security The library will now prevent the handshake and return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if mbedtls_ssl_set_hostname() has not been called. + Reported by Daniel Stenberg. CVE-2025-27809 * Zeroize a temporary heap buffer used in psa_key_derivation_output_key() when deriving an ECC key pair.
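Review bot: the commit message never mentions CVE-2025-27809, although the added line "Reported by Daniel Stenberg." in the Security section of ChangeLog lands in the entry carrying that identifier. Adding the CVE id to the commit message would make this credit fix findable when the history is searched by CVE rather than by the function name mbedtls_ssl_set_hostname(). The placement itself, after the sentence about MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME and before the CVE line, keeps the entry's description intact and touches no other entry, which matches the stated 1 insertion.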