aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog16
1 files changed, 9 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index b7789e5..3259f5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
$Id$
-2005.10.31 -- Version 2.1-beta5
+2005.11.01 -- Version 2.1-beta6
-* Security fix (merged from 2.0.3) -- Affects non-Windows
+* Security fix (merged from 2.0.4) -- Affects non-Windows
OpenVPN clients of version 2.0 or higher which connect to
a malicious or compromised server. A format string
vulnerability in the foreign_option function in options.c
@@ -19,11 +19,13 @@ $Id$
and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or
"client" in its configuration file (Credit: Vade79).
-* Security fix (merged from 2.0.3) -- Potential DoS vulnerability
- on the server in TCP mode. If the TCP server accept() call
- returns an error status, the resulting exception handler
- may attempt to indirect through a NULL pointer, causing
- a segfault. Affects all OpenVPN 2.0 versions.
+ CVE-2005-3393
+* Security fix -- (merged from 2.0.4) Potential DoS
+ vulnerability on the server in TCP mode. If the TCP
+ server accept() call returns an error status, the resulting
+ exception handler may attempt to indirect through a NULL
+ pointer, causing a segfault. Affects all OpenVPN 2.0 versions.
+ CVE-2005-3409
* Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).