From b782415e1bd6df03543223e1c653641d9dcd946a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Oct 2023 15:08:37 +0200 Subject: [PATCH] Changelog entry for xxdh_psa_peerkey size validation Signed-off-by: Gilles Peskine --- ChangeLog.d/xxx_psa_peerkey.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/xxx_psa_peerkey.txt diff --git a/ChangeLog.d/xxx_psa_peerkey.txt b/ChangeLog.d/xxx_psa_peerkey.txt new file mode 100644 index 0000000000..1ba1510000 --- /dev/null +++ b/ChangeLog.d/xxx_psa_peerkey.txt @@ -0,0 +1,6 @@ +Security + * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing. + In TLS 1.3, all configurations are affected except PSK-only ones. + In TLS 1.2, the affected configurations are those with + MBEDTLS_USE_PSA_CRYPTO and ECDH enabled but DHM and RSA disabled. + Credit to OSS-Fuzz.
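Review bot: The new file is named `ChangeLog.d/xxx_psa_peerkey.txt` while the subject line says `xxdh_psa_peerkey`, and the entry text never mentions the peer key or the size validation the subject refers to, so a reader of the ChangeLog cannot connect "heap buffer overflow in TLS handshake parsing" to the change being made. Consider renaming the file to match the subject and saying in the first bullet line that the overflow came from a missing size check on the peer's key. In the TLS 1.2 line, "ECDH enabled but DHM and RSA disabled" does not say whether this means the key exchanges or the compile-time modules; naming the configuration options, as is already done for `MBEDTLS_USE_PSA_CRYPTO`, would let users check their build directly. The entry also gives no affected version range or advisory identifier, which users need in order to decide whether to upgrade; add them if they are available when the release is cut.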