diff options
author | Simon Josefsson <simon@josefsson.org> | 2008-06-30 22:50:20 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-06-30 22:50:20 +0200 |
commit | a660311420f1e43792a350d371eba0ec11192ad6 (patch) | |
tree | 15ccbd77bc8e9d663cacb968a56735ba5768b0b3 | |
parent | 2ba8f9d7432a65c419561e04313d17453a604da4 (diff) | |
download | gnutls-a660311420f1e43792a350d371eba0ec11192ad6.tar.gz |
Add.
-rw-r--r-- | NEWS | 16 |
1 files changed, 13 insertions, 3 deletions
@@ -5,6 +5,18 @@ See the end for copying conditions. * Version 2.4.1 (unreleased) +** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2] +If the gnutls_handshake function is called for a normal session, which +can happen for re-handshakes, the library would crash because it tried +to hash some data using a libgcrypt handle that had been deallocated. +Report and tiny patch from Tomas Mraz <tmraz@redhat.com>. Any updates +with more details about this vulnerability will be added to +<http://www.gnu.org/software/gnutls/security.html> + +** libgnutls: Fix memory leaks when doing a re-handshake. +Reported by Sam Varshavchik <mrsam@courier-mta.com> in +<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>. + ** Fix compiler warnings. Reported by Massimo Gaspari <massimo.gaspari@alice.it> in <http://permalink.gmane.org/gmane.network.gnutls.general/1281>. @@ -13,9 +25,7 @@ Reported by Massimo Gaspari <massimo.gaspari@alice.it> in Reported by Roman Bogorodskiy <novel@FreeBSD.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>. -** Fix memory leaks when doing a re-handshake. -Reported by Sam Varshavchik <mrsam@courier-mta.com> in -<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>. +** srptool: Fix a problem where --verify check does not succeed. ** API and ABI modifications: No changes since last version. |