Clarify ChangeLog for #569

This commit is contained in:
Simon Butcher 2017-02-28 18:47:27 +00:00
parent 7dadc2f259
commit 71e9d58dc2

View file

@ -11,14 +11,11 @@ Security
* Removed MD5 from the allowed hash algorithms for CertificateRequest and * Removed MD5 from the allowed hash algorithms for CertificateRequest and
CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2. CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
Introduced by interoperability fix for #513. Introduced by interoperability fix for #513.
Security
* Fixed a bug that caused freeing a buffer that was allocated on the stack, * Fixed a bug that caused freeing a buffer that was allocated on the stack,
when verifying the validity of a key on secp224k1. This could be when verifying the validity of a key on secp224k1. This could be
triggered remotely for example with a maliciously constructed certificate triggered remotely for example with a maliciously constructed certificate
and might have led to remote code execution on some exotic embedded and potentially could lead to remote code execution on some platforms.
platforms. Reported independently by rongsaws and Regina Wilson. Reported independently by rongsaws and Regina Wilson. #569 CVE-2017-2784
CVE-2017-2784
Bugfix Bugfix
* Fix output certificate verification flags set by x509_crt_verify_top() when * Fix output certificate verification flags set by x509_crt_verify_top() when