Fix CVE-2010-0742

author: Dr. Stephen Henson <steve@openssl.org> 2010-06-01 14:39:57 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-06-01 14:39:57 +0000
commit: 82b6b541b1d9a3d644c96afa9ae44cc1f4c6040d (patch)
tree: 4f752dc9803217a4c42cddf948f0390939ffa5df /CHANGES
parent: 60a989a76e36002e0e5c6817beab53abcfce484e (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index a20fe1759c..2a1bc37a97 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
 
+  *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+     access or freeing data twice (CVE-2010-0742)
+     [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
+
   *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
      common in certificates and some applications which only call
      SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
author	Dr. Stephen Henson <steve@openssl.org>	2010-06-01 14:39:57 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-06-01 14:39:57 +0000
commit	82b6b541b1d9a3d644c96afa9ae44cc1f4c6040d (patch)
tree	4f752dc9803217a4c42cddf948f0390939ffa5df /CHANGES
parent	60a989a76e36002e0e5c6817beab53abcfce484e (diff)