Fix bug in CVE-2011-4619: check we have really received a client hello

before rejecting multiple SGC restarts.
author: Dr. Stephen Henson <steve@openssl.org> 2012-02-16 15:26:04 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-02-16 15:26:04 +0000
commit: 206310c3056847fef7e657879f05a09763c2131e (patch)
tree: a3595ef121ce9592257a5a61bbcbbbda03c4ce79 /CHANGES
parent: 5863163732ed5ba89d1aa6536e733d01f4187fce (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index a45aa8af1a..77f9e0dfa7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -548,6 +548,13 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
+ Changes between 1.0.0g and 1.0.0h [xx XXX xxxx]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
  Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
 
   *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
author	Dr. Stephen Henson <steve@openssl.org>	2012-02-16 15:26:04 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-02-16 15:26:04 +0000
commit	206310c3056847fef7e657879f05a09763c2131e (patch)
tree	a3595ef121ce9592257a5a61bbcbbbda03c4ce79 /CHANGES
parent	5863163732ed5ba89d1aa6536e733d01f4187fce (diff)