projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix for CVE-2014-0076
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 58ac884d80907e14a918380d5b4d4211dce11c7e..99aeefb4c235e733fb6884297b0fea4d37ffc0cf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 1.0.1f and 1.0.1g [xx XXX xxxx]
 
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
   *) TLS pad extension: draft-agl-tls-padding-02
 
      Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
Unnamed repository; edit this file 'description' to name the repository.