From: Dr. Stephen Henson Date: Tue, 6 Jan 2015 21:12:15 +0000 (+0000) Subject: use correct credit in CHANGES X-Git-Tag: OpenSSL_1_0_0p~9 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=65c63da207543cd3d1de7ef20355b7ac364af8dd;p=oweals%2Fopenssl.git use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) --- diff --git a/CHANGES b/CHANGES index 0fbac88769..bc92912d0d 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -15,7 +16,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson]