From 1917fb6dd84e0a572f258a2931802224eb92b5c1 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Thu, 5 Nov 2009 16:08:52 +0000
Subject: [PATCH] Add CVE number.

---
 CHANGES | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index cd445c9313..3c9f51c5b7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,10 +5,11 @@
  Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
 
   *) Disable renegotiation completely - this fixes a severe security
-     problem at the cost of breaking all renegotiation. Renegotiation
-     can be re-enabled by setting
-     OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at
-     compile-time. This is really not recommended.
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
      [Ben Laurie]
 
  Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
-- 
2.25.1