CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
diff --git a/CHANGES b/CHANGES
index 7c44f0d..f063349 100644
--- a/CHANGES
+++ b/CHANGES
@@ -175,6 +175,11 @@
 
  Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
 
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
   *) Fixed J-PAKE implementation error, originally discovered by
      Sebastien Martini, further info and confirmation from Stefan
      Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
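Review bot: The new CHANGES entry at the top of the 1.0.0c section says a "code workaround" is disabled but never names it, so an application maintainer cannot tell from this text which setting they enable stops having an effect, or whether enabling it is still accepted silently. Suggest naming the option or build flag that controlled the workaround and stating what happens when a caller still sets it. Unlike the J-PAKE entry just below, which says "this fix is a security fix", this entry only implies it through the CVE id; saying so explicitly, and that the downgrade only applies when the workaround is in use, would help readers triage. Only the CHANGES file is visible in this diff, so the code change that does the disabling should be reviewed alongside it to confirm the entry matches the behaviour.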