X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=846e66e1dd326eb753bbff4f18b08eb9e5812c43;hb=51b77c0337bd22ce391f339bd376788dc4e9a4ad;hp=eee88aeab333d9af697d2f61200b692dc1a11675;hpb=48e0f6667b86cade6e7b7afa83c7006ab7e8c2d1;p=oweals%2Fopenssl.git diff --git a/CHANGES b/CHANGES index eee88aeab3..846e66e1dd 100644 --- a/CHANGES +++ b/CHANGES @@ -52,7 +52,19 @@ certificates. [Steve Henson] - Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + Changes between 1.0.1 and 1.0.1a [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + + *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. + [Adam Langley] *) Workarounds for some broken servers that "hang" if a client hello record length exceeds 255 bytes:
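Review bot: the CVE-2012-2110 entry in this hunk documents the mechanism of the fix (overflow checks in asn1_d2i_read_bio, BUF_mem_grow and BUF_mem_grow_clean, and CRYPTO_realloc_clean refusing to shrink a buffer) but says nothing about impact or exposure, which is what a reader of CHANGES needs to decide whether to upgrade. Please add a sentence stating what input triggers the problem and what the consequence is before the fix, as is done for other security entries in this file, so the entry reads as "Check for potentially exploitable overflows in asn1_d2i_read_bio ... (affects applications that parse untrusted DER data through a BIO ...)" or similar, with the specifics filled in by the author of the fix. The second item ("Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections") would likewise benefit from a clause saying whether the restriction applies on the client side, the server side, or both, since that determines which deployments see a behaviour change in 1.0.1a.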