From 9a37e0f3bee3cb82273fa34750603c16524955e5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 25 Sep 2017 10:51:32 +0100 Subject: [PATCH] Add ChangeLog entry for previous security fix Fixes #825 --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 51ad7273e2..0e864d1bf0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fix a bug in the X.509 module potentially leading to a buffer overread + during CRT verification or to invalid or omitted checks for certificate + validity. The former can be triggered remotely, while the latter requires + a non DER-compliant certificate correctly signed by a trusted CA, or a + trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. + Fixes #825. + = mbed TLS 2.7.1 branch released 2018-02-23 Default behavior changes
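Review bot: In the added Security entry, the sentence "The former can be triggered remotely, while the latter requires a non DER-compliant certificate ..." makes the reader work out what "former" and "latter" refer to. The entry also describes the defect only as "a bug in the X.509 module", so a user cannot tell from the ChangeLog which part of certificate handling is affected or whether their deployment is exposed. Suggest giving the buffer overread during CRT verification and the invalid or omitted validity checks one sentence each, with the precondition stated next to the outcome it applies to, and naming the affected parsing or verification step. Two smaller points: "non DER-compliant" reads better as "non-DER-compliant" in both places, and the commit message's "previous security fix" should reference the commit that carried the fix so the entry can be traced back to the code change.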