From 50da016e5ce5eacdc7c41f55122ec8450f0b94c4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 29 Nov 2018 12:46:05 +0100
Subject: [PATCH] Add changelog entry for mbedtls_mpi_write_binary fix

---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 4f90d560b..5d2e8db18 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,13 @@ Security
      RSA decryption (i.e. ciphersuites whose name contains RSA but not
      (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
      Shamir, David Wong and Yuval Yarom. CVE-2018-19608
+   * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
+     via branching and memory access patterns. An attacker who could submit
+     a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
+     of the decryption and not its result could nonetheless decrypt RSA
+     plaintexts and forge RSA signatures. Other asymmetric algorithms may
+     have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
+     Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
 
 = mbed TLS 2.13.1 branch released 2018-09-06