===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.409
retrieving revision 1.410
diff -c -r1.409 -r1.410
*** www/security.html 2014/04/09 20:36:50 1.409
--- www/security.html 2014/04/12 17:39:57 1.410
***************
*** 238,243 ****
--- 238,246 ----
failure to check the server hostname when connecting to an https
website, allowing any trusted CA-signed certificate to impersonate
any other website.
+
April 12, 2014:
+ A use-after-free race condition in OpenSSL's read buffer may permit
+ an attacker to inject data from one connection into another.
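Review bot: placement of the new April 12 entry in this hunk should be checked against the list's date order: here it follows the https hostname-check entry, while in the other two hunks it follows the April 7 heartbeat entry. If this section also lists the April 7 item, put the new entry next to it so the three sections read the same way.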
***************
*** 261,266 ****
--- 264,272 ----
April 7, 2014:
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
+ April 12, 2014:
+ A use-after-free race condition in OpenSSL's read buffer may permit
+ an attacker to inject data from one connection into another.
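Review bot: the added text gives no identifier or triggering condition for the bug, unlike the April 7 entry just above it, which cites RFC6520. "May permit an attacker to inject data from one connection into another" does not say which configurations or usage patterns expose the race; add the advisory identifier and a short statement of when the read buffer can be freed while still in use, so readers can judge their exposure.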
***************
*** 284,289 ****
--- 290,298 ----
April 7, 2014:
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
+ April 12, 2014:
+ A use-after-free race condition in OpenSSL's read buffer may permit
+ an attacker to inject data from one connection into another.
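Review bot: this is the third verbatim copy of the same entry, and nothing in the added lines ties it to the release this section covers. Confirm each copy points at the patch for its own release, and keep the wording identical across all three if it is edited later.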