From 8e4d81cca7e924bbbe62be055377d06e22d6f786 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Mon, 19 May 2008 14:06:41 +0200
Subject: Add.

---
 NEWS | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/NEWS b/NEWS
index c023372d3f..613fb81994 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,32 @@ See the end for copying conditions.
 
 * Version 2.3.10 (unreleased)
 
+** Fix three security vulnerabilities.  [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily.  Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos.  Any updates
+with more details about these vulnerabilities will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server.  The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server.  The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server.  The bug
+cause gnutls to read memory beyond the end of the received record.
+
 ** libgnutlsxx: Updated API according to patches from Eduardo 
 Villanueva Che (discussion at
 <http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>)
-- 
cgit v1.2.1