Fix ASN.1 parsing of certain invalid structures that can result

in a denial of service.  (CVE-2006-2937)  [Steve Henson]

1 files changed, 3 insertions, 0 deletions

diff --git a/CHANGES b/CHANGES
index 11988efbf9..6b26b19b1b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8d and 0.9.9  [xx XXX xxxx]
 
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
   *) Fix buffer overflow in SSL_get_shared_ciphers() function.
      (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]