From a936ba11480a33db5d65f54da23b6e815e2a4b93 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 6 Jan 2015 21:12:15 +0000 Subject: [PATCH] use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) --- CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0ccd742999..0ca93f2583 100644 --- a/CHANGES +++ b/CHANGES @@ -376,7 +376,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -384,7 +385,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] -- 2.25.1