Update changelog to show fix for PR1679 as per Tomas Hoger's testing:

author Mark J. Cox <mark@openssl.org>

Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)

committer Mark J. Cox <mark@openssl.org>

Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)
author Mark J. Cox <mark@openssl.org>
Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)
committer Mark J. Cox <mark@openssl.org>
Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)
diff --git a/CHANGES b/CHANGES

index ebf73365707e62dd50e38a1f7a9d8ede51faabbe..3f9160a585d9c7621b2ed6f21cc96f708949f654 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -117,6 +117,10 @@
  
   Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
  
+  *) Fix NULL pointer dereference if a DTLS server recieved
+     ChangeCipherSpec as first record (CVE-2009-1386)
+     [Bodo Moeller, discovered by Alex Lam]
+
    *) Fix a state transitition in s3_srvr.c and d1_srvr.c
       (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
       [Nagendra Modadugu]
author	Mark J. Cox <mark@openssl.org>
	Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)
committer	Mark J. Cox <mark@openssl.org>
	Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)