From 99258ff315783b40a6e903699fa00914952867b1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 27 Sep 2019 14:07:00 +0200
Subject: [PATCH] Parse HelloVerifyRequest buffer overread: add changelog entry

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 1f21f5e256..105875e491 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,8 @@ Security
      during certificate extensions parsing. In case of receiving malformed
      input (extensions length field equal to 0), an illegal read of one byte
      beyond the input buffer is made. Found and analyzed by Nathan Crandall.
+   * Fix a potentially remotely exploitable buffer overread in a
+     DTLS client when parsing the Hello Verify Request message.
 
 Bugfix
    * Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation