Diffstat (limited to 'ChangeLog.d/ssl-mac-zeroize.txt')
-rw-r--r--  ChangeLog.d/ssl-mac-zeroize.txt  5
1 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog.d/ssl-mac-zeroize.txt b/ChangeLog.d/ssl-mac-zeroize.txt
new file mode 100644
index 0000000..b49c7ac
--- /dev/null
+++ b/ChangeLog.d/ssl-mac-zeroize.txt
@@ -0,0 +1,5 @@
+Security
+ * Zeroize intermediate variables used to calculate the MAC in CBC cipher
+ suites. This hardens the library in case stack memory leaks through a
+ memory disclosure vulnerabilty, which could formerly have allowed a
+ man-in-the-middle to inject fake ciphertext into a DTLS connection.
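Review bot: "vulnerabilty" on the fourth added line is misspelled and should read "vulnerability" before this entry is merged into the release ChangeLog. The entry also refers to "intermediate variables" in "CBC cipher suites" without saying whether the hardening matters only for DTLS, which is the only protocol the impact sentence mentions, or for TLS as well; a short qualifier would let users judge whether the update applies to them.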