projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update from stable branch.
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 1b034ceb31fef6f4029d7b2d27d15b8e75f3d7ee..6d2006e723441bd6a2ef49ba7ee41597ece1b5e7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -751,6 +751,11 @@
 
  Changes between 0.9.8j and 0.9.8k  [xx XXX xxxx]
 
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
   *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
      checked correctly. This would allow some invalid signed attributes to
      appear to verify correctly. (CVE-2009-0591)
Unnamed repository; edit this file 'description' to name the repository.