diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-02 16:03:30 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-11-02 16:03:30 +0100 |
commit | a6e60f61ba796aade41944f5b9d46cd50875aaca (patch) | |
tree | 3ed98db40ca37cbc36365699c38189b510e6135d | |
parent | 74a6b4860527a9198d7f926a855f773defac9d38 (diff) | |
download | gnutls-a6e60f61ba796aade41944f5b9d46cd50875aaca.tar.gz |
doc update
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -9,6 +9,14 @@ See the end for copying conditions. in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct() functions. +** libgnutls: Set limits on the maximum number of alerts handled. That is, + applications using gnutls could be tricked into an busy loop if the + peer sends continuously alert messages. Applications which set a maximum + handshake time (via gnutls_handshake_set_timeout) will eventually recover + but others may remain in a busy loops indefinitely. This is related but + not identical to CVE-2016-8610, due to the difference in alert handling + of the libraries (gnutls delegates that handling to applications). + ** API and ABI modifications: gnutls_pkcs7_get_embedded_data_oid: Added |