Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)

author: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 23:01:54 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 23:01:54 +0000
commit: be71c37296b3ba43c944eaa220ac62413782bad3 (patch)
tree: 490c5bae5461404b4a5d7bd2c0608a99a3a2db1f /CHANGES
parent: 0015572372faae200f258081616ffcfec4eef95a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 9d7575a2a0..7c31eadb7a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -261,6 +261,11 @@
   *) Add support for SCTP.
      [Robin Seggelmann <seggelmann@fh-muenster.de>]
 
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
+
   *) Improved PRNG seeding for VOS.
      [Paul Green <Paul.Green@stratus.com>]
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 23:01:54 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 23:01:54 +0000
commit	be71c37296b3ba43c944eaa220ac62413782bad3 (patch)
tree	490c5bae5461404b4a5d7bd2c0608a99a3a2db1f /CHANGES
parent	0015572372faae200f258081616ffcfec4eef95a (diff)