commit: r1689 - in neon/branches/0.28.x: . macros
joe at manyfish.co.uk
Tue Aug 18 10:24:08 EDT 2009
Author: joe
Date: Tue Aug 18 07:24:08 2009
New Revision: 1689
Modified:
neon/branches/0.28.x/NEWS
neon/branches/0.28.x/macros/neon.m4
Log:
* macros/neon.m4, NEWS: Prepare for 0.28.6.
Modified: neon/branches/0.28.x/NEWS
==============================================================================
--- neon/branches/0.28.x/NEWS (original)
+++ neon/branches/0.28.x/NEWS Tue Aug 18 07:24:08 2009
@@ -1,3 +1,10 @@
+Changes in release 0.28.6:
+* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
+ could allow a Denial of Service attack by a malicious server.
+* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in
+ a certificate subject name with OpenSSL; could allow an undetected
+ MITM attack against an SSL server if a trusted CA issues such a cert.
+
Changes in release 0.28.5:
* Enable support for X.509v1 CA certificates in GnuTLS.
* Fix handling of EINTR in connect() calls.
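Review bot: The CVE-2009-2474 entry scopes the fix to "with OpenSSL" but does not say where GnuTLS builds stand, even though the 0.28.5 entry directly below shows GnuTLS is a supported backend; a reader on that backend cannot tell from NEWS whether they were exposed or need this release. Suggest adding a clause stating the GnuTLS status. The same entry's phrase "MITM attack against an SSL server" also reads as if the server were the victim, while the consequence described (an undetected MITM) falls on the client verifying the certificate; rewording to name the client connection would make the impact clearer.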
Modified: neon/branches/0.28.x/macros/neon.m4
==============================================================================
--- neon/branches/0.28.x/macros/neon.m4 (original)
+++ neon/branches/0.28.x/macros/neon.m4 Tue Aug 18 07:24:08 2009
@@ -137,7 +137,7 @@
# Define the current versions.
NE_VERSION_MAJOR=0
NE_VERSION_MINOR=28
-NE_VERSION_PATCH=5
+NE_VERSION_PATCH=6
NE_VERSION_TAG=
# 0.28.x is backwards-compatible with 0.27.x, so AGE=1
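Review bot: At NE_VERSION_PATCH=6, this revision touches only NEWS and macros/neon.m4, so the two CVE fixes announced in NEWS have to be on the 0.28.x branch already from earlier revisions; the log message "Prepare for 0.28.6" would be easier to audit if it cited those revisions. It is also worth confirming that neither fix added a public interface, since the AGE comment on the last context line is left unchanged and the lines that set the interface version fall outside this hunk.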