Fix for TLS record tampering bug CVE-2013-4353

author: Dr. Stephen Henson <steve@openssl.org> 2014-01-06 14:35:04 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-01-06 14:35:04 +0000
commit: 197e0ea817ad64820789d86711d55ff50d71f631 (patch)
tree: f22cdea104aee6d013f40847f4e712280820d02a /CHANGES
parent: c776a3f398b1fd0d59e9247c0c4c6b79f5692b33 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 173be2465e..6494184bad 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.1e and 1.0.1f [xx XXX xxxx]
 
+  *) Fix for TLS record tampering bug. A carefully crafted invalid 
+     handshake could crash OpenSSL with a NULL pointer exception.
+     Thanks to Anton Johansson for reporting this issues.
+     (CVE-2013-4353)
+
   *) Keep original DTLS digest and encryption contexts in retransmission
      structures so we can use the previous session parameters if they need
      to be resent. (CVE-2013-6450)
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-06 14:35:04 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-01-06 14:35:04 +0000
commit	197e0ea817ad64820789d86711d55ff50d71f631 (patch)
tree	f22cdea104aee6d013f40847f4e712280820d02a /CHANGES
parent	c776a3f398b1fd0d59e9247c0c4c6b79f5692b33 (diff)