X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=b2871e96603316c3b6b1803fed7a676398b2b7eb;hb=05689a132cbb40800677486317c0694fa65fd118;hp=8adac3b6d415b380497c39c7ccdbfbbda06d183f;hpb=66e8211c0b1347970096e04b18aa52567c325200;p=oweals%2Fopenssl.git

diff --git a/CHANGES b/CHANGES
index 8adac3b6d4..b2871e9660 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,24 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8x and 0.9.8y [xx XXX xxxx]
+ Changes between 0.9.8y and 0.9.8za [xx XXX xxxx]
+
+  *)
+
+ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
 
   *) Return an error when checking OCSP signatures when key is NULL.
      This fixes a DoS attack. (CVE-2013-0166)