doc/CHANGELOG.md: update changelog for 5.1.1-rc0 CVE-fix

idesai · idesai · commit cde422b987ce · 2021-06-02T09:48:44.000-07:00
Signed-off-by: Imran Desai &lt;imran.desai@intel.com&gt;
diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
@@ -1,5 +1,13 @@
 ## Changelog
 
+### 5.1.1-rc0 2021-05-28
+
+  * tpm2_import: fix fixed AES key CVE-2021-3565
+      - tpm2_import used a fixed AES key for the inner wrapper, which means that
+        a MITM attack would be able to unwrap the imported key. To fix this,
+        ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
+        secure random AES key.
+
 ### 5.1 2021-05-24
 
   * Build
