diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-02-04 22:57:49 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-05 16:46:19 +0000 |
commit | 8a5d624d5b76c0c3cfdcf4f7fa35c22af7ccbbaa (patch) | |
tree | abd7e8e13a4fcdf8c7e493847593384f21dc35a9 /CHANGES | |
parent | ae4a75cecf5d804e0cf57c35b1b301457e7352b8 (diff) |
Update CHANGES and NEWS
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -4,6 +4,19 @@ Changes between 1.0.0j and 1.0.0k [xx XXX xxxx] + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] |