Correct the CHANGES entry for CVE-2023-1255

Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/20798) (cherry picked from commit e6990079c2413625d2039ebed49ea17a5b8cf935)
author: Tomas Mraz <tomas@openssl.org> 2023-04-21 10:14:13 +0200
committer: Tomas Mraz <tomas@openssl.org> 2023-04-26 15:38:58 +0200
commit: 39ed41b59db4051f14725114372f596203685368 (patch)
tree: 4cf360dcfd9b2e2e7a1b76ec64998f0854c3d051
parent: 2fad00207ea1a612b450a8ccc49f41d478cbc456 (diff)
download: openssl-new-39ed41b59db4051f14725114372f596203685368.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/CHANGES.md b/CHANGES.md
index e4c288e978..5f301e189a 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,9 +31,9 @@ breaking changes, and mappings for the large list of deprecated functions.
 ### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx]
 
  * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
-   happens if the buffer size is 4 mod 5. This can trigger a crash of an
-   application using AES-XTS decryption if the memory just after the buffer
-   being decrypted is not mapped.
+   happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
+   trigger a crash of an application using AES-XTS decryption if the memory
+   just after the buffer being decrypted is not mapped.
    Thanks to Anton Romanov (Amazon) for discovering the issue.
    ([CVE-2023-1255])
author	Tomas Mraz <tomas@openssl.org>	2023-04-21 10:14:13 +0200
committer	Tomas Mraz <tomas@openssl.org>	2023-04-26 15:38:58 +0200
commit	39ed41b59db4051f14725114372f596203685368 (patch)
tree	4cf360dcfd9b2e2e7a1b76ec64998f0854c3d051
parent	2fad00207ea1a612b450a8ccc49f41d478cbc456 (diff)
download	openssl-new-39ed41b59db4051f14725114372f596203685368.tar.gz