Fix uninitialised pointer dereference
diff --git a/ChangeLog b/ChangeLog
index a547e26..cae2e05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
 
 = Version 1.2.z released not yet
 
+Security
+   * Fix remotely-triggerable uninitialised pointer dereference caused by
+     crafted X.509 certificate (TLS server is not affected if it doesn't ask
+     for a client certificate) (found using Codenomicon Defensics).
+
 Changes
    * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
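Review bot: The new "Security" entry does not name the component or parsing routine that held the uninitialised pointer, so a reader deciding whether to upgrade has only the TLS-server caveat to work from. Consider naming the affected module and stating exposure positively rather than by exception. If it is the case that TLS clients, and servers that request a client certificate, are the affected configurations, say so directly instead of "TLS server is not affected if it doesn't ask for a client certificate". The two back-to-back parentheticals would also read better as separate sentences, with the Codenomicon Defensics credit on its own line. Only the ChangeLog is visible in this hunk, so the wording "remotely-triggerable" should be checked against the code change it describes.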