summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-03-08 20:17:49 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2019-03-08 20:17:52 +0100
commit0c1f69f943480dea2724a74285a0b409ec85546b (patch)
treeff57c92e5050556e747ccf34102ceaec9ef0ffc9 /NEWS
parent5e853baa5d8366de033d869821b796a7aa646f21 (diff)
downloadgnutls-0c1f69f943480dea2724a74285a0b409ec85546b.tar.gz
NEWS: fix NEWS entries [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS8
1 files changed, 0 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index 4d38bd9a0e..26486008f5 100644
--- a/NEWS
+++ b/NEWS
@@ -12,14 +12,6 @@ See the end for copying conditions.
double free issues. Use-after-free will be turned into NULL dereference.
The counter-measure does not extend to applications using gnutls_free().
-** libgnutls, gnutls tools: Every gnutls_free() will automatically set
- the free'd pointer to NULL. This prevents possible use-after-free and
- double free issues. Use-after-free will be turned into NULL dereference,
- effectively turning harmful attacks like remote-code-executions (RCE) into
- segmentation faults. Double frees may also be used to achieve RCEs - turning
- them into no-ops counter measures this attack at this point.
- This measurement is only active when building libgnutls and the gnutls tools.
-
** libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When