projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
correct error code
[oweals/openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index e8995c8966f6ddd694a301cf7b7ed29dc8734bfe..846e66e1dd326eb753bbff4f18b08eb9e5812c43 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -52,7 +52,16 @@
      certificates.
      [Steve Henson]
 
- Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
 
   *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
      [Adam Langley]
Unnamed repository; edit this file 'description' to name the repository.