doc update [ci skip]

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-11-02 13:24:59 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-11-02 13:24:59 +0100
commit: bdf082467c69d8c2514d1f978365463a99304fec (patch)
tree: 5e9f417c7278a0d16111ca2048b023c0d3634e1c
parent: a4a4468cee153ed8e46cf9636916fc4cccbe606f (diff)
download: gnutls-bdf082467c69d8c2514d1f978365463a99304fec.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index bfe9474add..96c8cae102 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,14 @@ See the end for copying conditions.
    in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
    functions.
 
+** libgnutls: Set limits on the maximum number of alerts handled. That is,
+   applications using gnutls could be tricked into an busy loop if the
+   peer sends continuously alert messages. Applications which set a maximum
+   handshake time (via gnutls_handshake_set_timeout) will eventually recover
+   but others may remain in a busy loops indefinitely. This is related but
+   not identical to CVE-2016-8610, due to the difference in alert handling
+   of the libraries (gnutls delegates that handling to applications).
+
 ** libgnutls: Reverted the change which made the gnutls_certificate_set_*key* 
    functions return an index (introduced in 3.5.5), to avoid affecting programs
    which explicitly check success of the function as equality to zero. In order
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-11-02 13:24:59 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-11-02 13:24:59 +0100
commit	bdf082467c69d8c2514d1f978365463a99304fec (patch)
tree	5e9f417c7278a0d16111ca2048b023c0d3634e1c
parent	a4a4468cee153ed8e46cf9636916fc4cccbe606f (diff)
download	gnutls-bdf082467c69d8c2514d1f978365463a99304fec.tar.gz