Add.

1 files changed, 14 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 3bd3f83622..4a16ac7757 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,20 @@ See the end for copying conditions.
 
 * Version 2.9.2 (unreleased)
 
+** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
+By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
+into 1) not printing the entire CN/SAN field value when printing a
+certificate and 2) cause incorrect positive matches when matching a
+hostname against a certificate.  Combined with the fact that some CAs
+apparently have poor checking CN/SAN values and issue such (arguably
+incorrect) certificates, it can be used by attackers to become a MITM
+on server-authenticated TLS sessions.  The problem is mitigated since
+attackers needs to get one certificate per site they want to attack,
+and the attacker reveals his tracks by applying for a certificate at
+the CA.  Research presented independently by Dan Kaminsky and Moxie
+Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger@redhat.com>
+for providing one part of the patch.  [GNUTLS-SA-2009-4].
+
 ** minitasn1: Internal copy updated to libtasn1 v2.3.
 
 ** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.