X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=2656e6616e0f45297f8c6166e0b75405be295736;hp=8425bb37eaf87c465ee1e420104acca0637cf157;hb=c46ecc3a55bcbbe4ff31da3864d015e343b0189f;hpb=7388b43cae035484036f5dc46c231ce6282a1367

diff --git a/CHANGES b/CHANGES
index 8425bb37ea..2656e6616e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -292,6 +292,14 @@
  
  Changes between 1.0.1b and 1.0.1c [xx XXX xxxx]
 
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to avoid DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
   *) Initialise tkeylen properly when encrypting CMS messages.
      Thanks to Solar Designer of Openwall for reporting this issue.
      [Steve Henson]