From cf873f74d40690e1c76ade0b6dadf228bc71d398 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Thu, 19 Oct 2017 09:13:35 +0100
Subject: [PATCH] Adapt ChangeLog

---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 8f7843dc6..55e8cf16a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,13 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 2.1.x released xxxx-xx-xx
 
+Security
+   * Make mbedtls_mpi_read_binary constant-time with respect to
+     the input data. Previously, trailing zero bytes were detected
+     and omitted for the sake of saving memory, but potentially
+     leading to slight timing differences.
+     Reported by Marco Macchetti, Kudelski Group.
+
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.