diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-04-12 09:25:14 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-04-12 09:25:14 +0000 |
commit | fc1f8ad57ef746d7af2f88ed1739be3f14891dd1 (patch) | |
tree | 68c09340b8a0e076fb1b4d12685cc372801ffc69 /ChangeLog | |
parent | Version 2.1_beta12 released (diff) | |
download | openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.tar.xz |
Added credit and CVE number to security vulnerability fix in 2.0.6.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1001 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -19,7 +19,8 @@ $Id$ the attacker, and (e) the attacker has at least some level of pre-existing control over files on the client (this might be accomplished by having the server respond to a client web request - with a specially crafted file). + with a specially crafted file). Credit: Hendrik Weimer. + CVE-2006-1629. The fix is to disallow "setenv" to be pushed to clients from the server, and to add a new directive "setenv-safe" which is |