aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2006-04-12 09:25:14 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2006-04-12 09:25:14 +0000
commitfc1f8ad57ef746d7af2f88ed1739be3f14891dd1 (patch)
tree68c09340b8a0e076fb1b4d12685cc372801ffc69 /ChangeLog
parentVersion 2.1_beta12 released (diff)
downloadopenvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.tar.xz
Added credit and CVE number to security vulnerability fix in 2.0.6.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1001 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog3
1 files changed, 2 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index aca3c3f..585a903 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,7 +19,8 @@ $Id$
the attacker, and (e) the attacker has at least some level of
pre-existing control over files on the client (this might be
accomplished by having the server respond to a client web request
- with a specially crafted file).
+ with a specially crafted file). Credit: Hendrik Weimer.
+ CVE-2006-1629.
The fix is to disallow "setenv" to be pushed to clients from
the server, and to add a new directive "setenv-safe" which is