Merge pull request #1534 from Mbed-TLS/release/changelog_fixes_4.1.0

[Release] Added attributions & CVE to ChangeLogs

ChangeLog.d/context_load_and_session_load_documentation.txt

@@ -4,5 +4,5 @@ Security
      mbedtls_ssl_context_load() has been updated to clarify the responsibility
      of the application to preserve the confidentiality and integrity of
      serialized data, mitigating the risk of misuse of these APIs.
-     Credit to Haruto Kimura (Stella) for highlighting risks associated with
-     tampered serialized data.
+     Credit to Haruto Kimura (Stella) and Eva Crystal (0xiviel) for
+     highlighting risks associated with tampered serialized data.

ChangeLog.d/fix-null-pointer-dereference.txt

@@ -1,4 +1,5 @@
 Security
    * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when
      mbedtls_calloc() fails to allocate memory. This was caused by failing to
-     check whether mbedtls_calloc() returned NULL.
+     check whether mbedtls_calloc() returned NULL. Found and reported by
+     Haruto Kimura (Stella).

ChangeLog.d/inet_pton.txt

@@ -2,4 +2,4 @@ Security
    * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases
      (e.g. on platforms with memory protection when the overread crosses page
      boundary) this could lead to DoS. Found and reported by Haruto Kimura
-     (Stella).
+     (Stella). CVE-2026-25833