From 4138e3882556c762d77eb827b8be98507cde48df Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 6 Jan 2015 21:12:15 +0000 Subject: [PATCH] use correct credit in CHANGES Reviewed-by: Matt Caswell --- CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f8dfbd427c..ef87df354d 100644 --- a/CHANGES +++ b/CHANGES @@ -670,7 +670,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -678,7 +679,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] -- 2.25.1