author: Mark J. Cox <mark@openssl.org> 2009-05-26 08:21:56 +0000
committer: Mark J. Cox <mark@openssl.org> 2009-05-26 08:21:56 +0000
commit: a176be48a22ff23b53c5905a2b20ca1b345e986f
tree: 5a13b8034099c1523b836a89db2d5c5accd21f49
parent: f47bce27e3a15a3a6d4f323d1c8496b5a9b73feb
Add the corresponding CVE names to the CHANGES entry for 0.9.8 branch
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 5
1 files changed, 3 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index c26ff5ecdb..ebf7336570 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,7 +11,7 @@
left. Additionally every future messege was buffered, even if the
sequence number made no sense and would be part of another handshake.
So only messages with sequence numbers less than 10 in advance will be
- buffered.
+ buffered. (CVE-2009-1378)
[Robin Seggelmann, discovered by Daniel Mentz]
*) Records are buffered if they arrive with a future epoch to be
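Review bot: The first context line of this entry still reads "every future messege was buffered"; since the entry is being touched anyway, the spelling could be corrected to "message" in the same change. The CVE name itself is placed sensibly, directly after the sentence that describes the fix (limiting buffering to messages with sequence numbers less than 10 in advance), so a reader searching CHANGES for CVE-2009-1378 lands on the right entry.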
@@ -20,10 +20,11 @@
a DOS attack with sending records with future epochs until there is no
memory left. This patch adds the pqueue_size() function to detemine
the size of a buffer and limits the record buffer to 100 entries.
+ (CVE-2009-1377)
[Robin Seggelmann, discovered by Daniel Mentz]
*) Keep a copy of frag->msg_header.frag_len so it can be used after the
- parent structure is freed.
+ parent structure is freed. (CVE-2009-1379)
[Daniel Mentz]
*) Handle non-blocking I/O properly in SSL_shutdown() call.
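Review bot: The CVE names are attached in two different ways in this hunk: "(CVE-2009-1377)" is added as a line of its own after "limits the record buffer to 100 entries.", while "(CVE-2009-1379)" is appended to the end of "parent structure is freed." (as CVE-2009-1378 is in the previous hunk). If the separate line is only there to respect the line-length limit, that is fine, but it is worth choosing one form so the entries can be scanned or grepped consistently. The context line "adds the pqueue_size() function to detemine" also carries a typo ("determine") that could be fixed while the entry is being edited.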