aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-01 21:05:04 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-01 21:05:04 +0000
commit76a59eae43d2a1d08c6dae855b57625008c44cca (patch)
tree6c438bd05ebb9c7fe48d84c7956c5335fe462d94 /ChangeLog
parentVERSION 2.1_beta5 (diff)
downloadopenvpn-76a59eae43d2a1d08c6dae855b57625008c44cca.tar.xz
Merged 2.0.4 changes.
svn merge -r 737:749 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--ChangeLog16
1 files changed, 9 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index b7789e5..3259f5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
$Id$
-2005.10.31 -- Version 2.1-beta5
+2005.11.01 -- Version 2.1-beta6
-* Security fix (merged from 2.0.3) -- Affects non-Windows
+* Security fix (merged from 2.0.4) -- Affects non-Windows
OpenVPN clients of version 2.0 or higher which connect to
a malicious or compromised server. A format string
vulnerability in the foreign_option function in options.c
@@ -19,11 +19,13 @@ $Id$
and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or
"client" in its configuration file (Credit: Vade79).
-* Security fix (merged from 2.0.3) -- Potential DoS vulnerability
- on the server in TCP mode. If the TCP server accept() call
- returns an error status, the resulting exception handler
- may attempt to indirect through a NULL pointer, causing
- a segfault. Affects all OpenVPN 2.0 versions.
+ CVE-2005-3393
+* Security fix -- (merged from 2.0.4) Potential DoS
+ vulnerability on the server in TCP mode. If the TCP
+ server accept() call returns an error status, the resulting
+ exception handler may attempt to indirect through a NULL
+ pointer, causing a segfault. Affects all OpenVPN 2.0 versions.
+ CVE-2005-3409
* Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).