author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-02 16:11:19 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-02 16:11:19 +0100 |
commit | 5f1c84a032bf67ee9ff9c6370965c3d776775da8 (patch) | |
tree | 28934883758685fd235b39e08009ce804de8594d | |
parent | 02d95898f840e8ad383e198715af802a66d4b85a (diff) | |
download | gnutls-5f1c84a032bf67ee9ff9c6370965c3d776775da8.tar.gz |
doc update
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -8,6 +8,14 @@ See the end for copying conditions. ** libgnutls: Handle status request responses as optional (following RFC6066). +** libgnutls: Set limits on the maximum number of alerts handled. That is, + applications using gnutls could be tricked into an busy loop if the + peer sends continuously alert messages. Applications which set a maximum + handshake time (via gnutls_handshake_set_timeout) will eventually recover + but others may remain in a busy loops indefinitely. This is related but + not identical to CVE-2016-8610, due to the difference in alert handling + of the libraries (gnutls delegates that handling to applications). + ** API and ABI modifications: No changes since last version. |
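Review bot: The new "Set limits on the maximum number of alerts handled" entry says a limit now exists but not what the limit is or how hitting it surfaces to the caller. Since the entry itself notes that gnutls delegates alert handling to applications, and that only those calling gnutls_handshake_set_timeout recover on their own, it would help to state what an application sees once the limit is reached, so maintainers of the other applications know whether they need to change anything. The connective "That is," also reads oddly, because the sentence that follows describes the problem rather than restating the fix; something like "Previously, applications using gnutls could be tricked into..." would be clearer. Wording nits in the same entry: "an busy loop" should be "a busy loop", "sends continuously alert messages" should be "continuously sends alert messages", and "remain in a busy loops" should be "remain in a busy loop".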