author Dr. Stephen Henson <steve@openssl.org> 2009-03-25 12:53:50 +0000
committer Dr. Stephen Henson <steve@openssl.org> 2009-03-25 12:53:50 +0000
commit 80b2ff978d4f309cea71754ae6bcc01d6b36ea20
tree 300bb42ec133747cad21c09a1ab60a2a451cccaf /CHANGES
parent 7ce8c95d58ded63f9b5d40d98d9329b2cc751827
Update from stable branch.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 024b05da11..1b034ceb31 100644
--- a/CHANGES
+++ b/CHANGES
@@ -751,6 +751,11 @@
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
+ *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+ checked correctly. This would allow some invalid signed attributes to
+ appear to verify correctly. (CVE-2009-0591)
+ [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
*) Reject UniversalString and BMPString types with invalid lengths. This
prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
a legal length. (CVE-2009-0590)
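Review bot: The added CVE-2009-0591 entry says the return value of CMS_SignerInfo_verify_content() "was not checked correctly" and that "some invalid signed attributes" would appear to verify, but it does not say which return value was mishandled or which attributes are affected, so a reader cannot tell from CHANGES alone whether their use of CMS verification is exposed. Suggest one more clause naming the condition. The commit message "Update from stable branch." also gives no hint that a security entry is being carried over; mentioning CVE-2009-0591 there would make the commit easier to find in the log.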