Check for potentially exploitable overflows in asn1_d2i_read_bio
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 1611dbeb3d4f8abfe46b8f09d6c1040849f881d9..94cfe6e7848396e90d3f97d95c1ecb07f5fcbc3f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
 
   *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
      [Adam Langley]