===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.409
retrieving revision 1.410
diff -u -r1.409 -r1.410
--- www/security.html 2014/04/09 20:36:50 1.409
+++ www/security.html 2014/04/12 17:39:57 1.410
@@ -238,6 +238,9 @@
failure to check the server hostname when connecting to an https
website, allowing any trusted CA-signed certificate to impersonate
any other website.
+
April 12, 2014:
+ A use-after-free race condition in OpenSSL's read buffer may permit
+ an attacker to inject data from one connection into another.
@@ -261,6 +264,9 @@
April 7, 2014:
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
+April 12, 2014:
+ A use-after-free race condition in OpenSSL's read buffer may permit
+ an attacker to inject data from one connection into another.
@@ -284,6 +290,9 @@
April 7, 2014:
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
+April 12, 2014:
+ A use-after-free race condition in OpenSSL's read buffer may permit
+ an attacker to inject data from one connection into another.