diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-12-02 18:49:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-12-02 18:49:28 +0000 |
commit | 7890b562bc6801acc2e364d127fd038aa03f523e (patch) | |
tree | 0d5ce158e709c97f90d3b6595130f7a0e844f610 /CHANGES | |
parent | 7258d33794c4269085a09f96bcf546e78b61bcb5 (diff) |
fix for CVE-2010-4180
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -4,6 +4,11 @@ Changes between 0.9.8p and 0.9.8q [xx XXX xxxx] + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 |