From 88f2a4cf9ced521e2c2874a1c32af0eeaa027f40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 3 Feb 2011 10:43:00 +0000 Subject: CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) --- CHANGES | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 7c44f0d989..f063349a84 100644 --- a/CHANGES +++ b/CHANGES @@ -175,6 +175,11 @@ Changes between 1.0.0b and 1.0.0c [2 Dec 2010] + *) Disable code workaround for ancient and obsolete Netscape browsers + and servers: an attacker can use it in a ciphersuite downgrade attack. + Thanks to Martin Rex for discovering this bug. CVE-2010-4180 + [Steve Henson] + *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 -- cgit v1.2.3
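Review bot: The new CHANGES entry under "Changes between 1.0.0b and 1.0.0c" does not say which workaround is being disabled. "code workaround for ancient and obsolete Netscape browsers and servers" gives a reader no option or function name to search for, so an application maintainer cannot tell from this entry whether a setting they rely on has changed behaviour. Suggest naming the affected option in the entry. It should also state whether the workaround is removed outright or only turned off, and whether it applies to the client side, the server side or both. The J-PAKE entry just below has the sentence "Note that this fix is a security fix."; adding the same sentence here would keep the two CVE entries consistent.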