Fix.

author: Simon Josefsson <simon@josefsson.org> 2006-08-11 23:03:06 +0000
committer: Simon Josefsson <simon@josefsson.org> 2006-08-11 23:03:06 +0000
commit: e8681c22588bd69ad0ed715553c67600576d2a81 (patch)
tree: de6833d78a8a8295a0ea1f53336c3c4d04eba2e5
parent: 50d8fbbbbd137e0bbf00fd11b28607b13c741ab5 (diff)
download: gnutls-e8681c22588bd69ad0ed715553c67600576d2a81.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 5aad963d74..ec1e6fd673 100644
--- a/NEWS
+++ b/NEWS
@@ -9,8 +9,12 @@ See the end for copying conditions.
 This can happen if you call gnutls_certificate_verify_peers2 and have
 a certain mix of local CA certificates and the peer send special
 certificates, that together trigger certain behaviour.  It is not
-known whether the crash can be triggered without the special local CA
-certificate.  Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.
+known at this point whether the crash can be triggered without the
+special local CA certificate, and thus turn this into a remote crash
+of clients that verify server certificates when they talk to a server
+with the special server certificate.  See GNUTLS-SA-2006-2 on
+http://www.gnu.org/software/gnutls/security.html for more up to date
+information.  Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.
 
 ** Change SRP and Cert-Type extensions to match IANA registry.
author	Simon Josefsson <simon@josefsson.org>	2006-08-11 23:03:06 +0000
committer	Simon Josefsson <simon@josefsson.org>	2006-08-11 23:03:06 +0000
commit	e8681c22588bd69ad0ed715553c67600576d2a81 (patch)
tree	de6833d78a8a8295a0ea1f53336c3c4d04eba2e5
parent	50d8fbbbbd137e0bbf00fd11b28607b13c741ab5 (diff)
download	gnutls-e8681c22588bd69ad0ed715553c67600576d2a81.tar.gz