Fix double free in policy check code (CVE-2011-4109)

author: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 19:00:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 19:00:28 +0000
commit: 1db0bbdc76cfd715b60a155220328c15409cf1aa (patch)
tree: 4d0dd8ae3632d450a84e9d5a1776af77ba758ae8 /CHANGES
parent: e643112dd8166ec64885d22b147ff17b206941b8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index ae0b41c843..cf32f605eb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
 
+  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+     [Ben Laurie, Kasper <ekasper@google.com>]
+
   *) Clear bytes used for block padding of SSL 3.0 records.
      (CVE-2011-4576)
      [Adam Langley (Google)]
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 19:00:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 19:00:28 +0000
commit	1db0bbdc76cfd715b60a155220328c15409cf1aa (patch)
tree	4d0dd8ae3632d450a84e9d5a1776af77ba758ae8 /CHANGES
parent	e643112dd8166ec64885d22b147ff17b206941b8 (diff)