Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 3771698bfd5202165076813d578ec140f51b4540..a6672ed6fe73544050d33b93b580a6e0e7cbfe2d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,14 @@
  _______________
 
  Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Fix ssl_ciph.c set-up race.
+     [Adam Langley (Google)]
 
   *) Fix spurious failures in ecdsatest.c.
      [Emilia Käsper (Google)]
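Review bot: The second added entry, `*) Fix ssl_ciph.c set-up race.`, is unrelated to the RFC3779 fix named in the commit subject. It belongs in the commit that carries the ssl_ciph.c change, or the commit message should mention it, so that the CHANGES history for CVE-2011-4577 stays traceable to a single commit. The first new entry also starts directly under the "Changes between 0.9.8r and 0.9.8s" header with no blank line, whereas the existing entries are separated from the header and from each other by one, so add an empty line after the header. The CVE entry would also help readers deciding whether to upgrade if it said what the assertion failure means for an application (for example, whether the process aborts) and which builds parse RFC3779 data.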