X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=CHANGES;h=d621d8435b95428c75a21ea32dd7e4b203639dbc;hb=eebefe35e768ed73aa443fe84bf8db58960fac13;hp=cf32f605eb0d9eae17d5b1a3d9b2a35a88468324;hpb=1db0bbdc76cfd715b60a155220328c15409cf1aa;p=openssl.git diff --git a/CHANGES b/CHANGES index cf32f605eb..d621d8435b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,20 @@ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + *) Nadhem Alfardan and Kenny Paterson have discovered an extension + of the Vaudenay padding oracle attack on CBC mode encryption + which enables an efficient plaintext recovery attack against + the OpenSSL implementation of DTLS. Their attack exploits timing + differences arising during decryption processing. A research + paper describing this attack can be found at: + http://www.isg.rhul.ac.uk/~kp/dtls.pdf + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann + and Michael Tuexen + for preparing the fix. (CVE-2011-4108) + [Robin Seggelmann, Michael Tuexen] + *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) [Ben Laurie, Kasper ]
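Review bot: the new CHANGES entry for CVE-2011-4108 describes the vulnerability (a padding oracle extension against the OpenSSL DTLS implementation, exploiting timing differences during decryption processing) but says nothing about what the fix itself changes; a CHANGES line for a CVE should name the remediation in the DTLS decryption path so packagers and auditors can match the entry to the code change, even in one sentence such as "The fix removes the timing side channel in DTLS record decryption." Two smaller points in the same hunk: the wrap "and Michael Tuexen" / "for preparing the fix." leaves a short orphan line that would read better joined with the preceding line to match the rest of the entry's wrapping, and the release header above the entry still carries the placeholder date "[xx XXX xxxx]", which needs filling in before 0.9.8s is tagged.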