author: Dr. Stephen Henson <steve@openssl.org> 2010-11-29 18:32:05 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-11-29 18:32:05 +0000
commit: 300b1d76fe27541c662ca606a6a201b2718e0c65
tree: 8666b058ac74eeda00568cf1f17f76341436ac01 /CHANGES
parent: ae3fff50343705e9324d4a91af41ec843de9f3ed
apply J-PAKE fix to HEAD (original by Ben)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 11
1 files changed, 9 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index b8e18dc1e2..6157a1ef0d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -123,7 +123,7 @@
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.0b and 1.0.1 [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
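Review bot: the renamed heading "Changes between 1.0.0c and 1.0.1" only makes sense if the 1.0.0c section added in the next hunk lands in the same commit, so the two heading edits should be checked together to confirm the sections chain 1.0.0a, 1.0.0b, 1.0.0c, 1.0.1 with no gap or duplicate. It would also help to mention the heading renumbering in the commit message, which currently names only the J-PAKE fix.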
@@ -162,7 +162,14 @@
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
+ Changes between 1.0.0b and 1.0.0c [xx XXX xxxx]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
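Review bot: the new 1.0.0c entry describes the J-PAKE problem only as an "implementation error" and does not say what was wrong or what an attacker gains, so a reader of CHANGES cannot judge exposure from it. Since the entry itself states "this fix is a security fix", add one sentence on the impact and on which configurations are affected. A smaller style point on the same entry: "CVE-2010-4252" trails the sentence after a full stop with no punctuation of its own; put it in parentheses or give it its own sentence so it is not read as part of the credit line that follows.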