From: Dr. Stephen Henson Date: Tue, 6 Jan 2015 21:12:15 +0000 (+0000) Subject: use correct credit in CHANGES X-Git-Tag: OpenSSL_1_0_2~82 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a936ba11480a33db5d65f54da23b6e815e2a4b93;p=oweals%2Fopenssl.git use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) --- diff --git a/CHANGES b/CHANGES index 0ccd742999..0ca93f2583 100644 --- a/CHANGES +++ b/CHANGES @@ -376,7 +376,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -384,7 +385,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson]