X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=846e66e1dd326eb753bbff4f18b08eb9e5812c43;hb=51b77c0337bd22ce391f339bd376788dc4e9a4ad;hp=e8995c8966f6ddd694a301cf7b7ed29dc8734bfe;hpb=bb3add20f33ec6c62c449954823c7439ea2ad24d;p=oweals%2Fopenssl.git diff --git a/CHANGES b/CHANGES index e8995c8966..846e66e1dd 100644 --- a/CHANGES +++ b/CHANGES @@ -52,7 +52,16 @@ certificates. [Steve Henson] - Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + Changes between 1.0.1 and 1.0.1a [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. [Adam Langley]
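Review bot: In the added 1.0.1a entry, the function list "asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean" is missing a comma after asn1_d2i_read_bio, so the first two names read as one; write "asn1_d2i_read_bio, BUF_mem_grow and BUF_mem_grow_clean". The entry should also say what kind of overflow is being checked and through which inputs these functions are reached, because "potentially exploitable overflows" alone does not let a reader triaging CVE-2012-2110 judge whether their use of these functions is exposed. "Refuse attempts to shrink buffer in CRYPTO_realloc_clean" is a behaviour change visible to callers, so state what the caller gets back when a shrink is refused. The thanks paragraph and the bracketed credit line name the same people twice; one of them is enough.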