doc update

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-11-02 16:03:30 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-11-02 16:03:30 +0100
commit: a6e60f61ba796aade41944f5b9d46cd50875aaca (patch)
tree: 3ed98db40ca37cbc36365699c38189b510e6135d
parent: 74a6b4860527a9198d7f926a855f773defac9d38 (diff)
download: gnutls-a6e60f61ba796aade41944f5b9d46cd50875aaca.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 69aead7d04..9604fa8e22 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,14 @@ See the end for copying conditions.
    in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
    functions.
 
+** libgnutls: Set limits on the maximum number of alerts handled. That is,
+   applications using gnutls could be tricked into an busy loop if the
+   peer sends continuously alert messages. Applications which set a maximum
+   handshake time (via gnutls_handshake_set_timeout) will eventually recover
+   but others may remain in a busy loops indefinitely. This is related but
+   not identical to CVE-2016-8610, due to the difference in alert handling
+   of the libraries (gnutls delegates that handling to applications).
+
 ** API and ABI modifications:
 gnutls_pkcs7_get_embedded_data_oid: Added
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-11-02 16:03:30 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-11-02 16:03:30 +0100
commit	a6e60f61ba796aade41944f5b9d46cd50875aaca (patch)
tree	3ed98db40ca37cbc36365699c38189b510e6135d
parent	74a6b4860527a9198d7f926a855f773defac9d38 (diff)
download	gnutls-a6e60f61ba796aade41944f5b9d46cd50875aaca.tar.gz