commit 5cb4b310571d9ff273e95e99379c95ac387c0ce6
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Nov 25 17:41:50 2014 +0100
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Jan 13 14:58:00 2015 +0100
tree 67b2a4a87c9ab4bce0e0f839d1d11a8b104b8adb
parent f5f25b3a0db2fd54f423166f673475b27769e0f6

Fix missing bound check

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 89c87e0..8370738 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@
    * Add support for Extended Master Secret (draft-ietf-tls-session-hash)
    * Add support for Encrypt-then-MAC (RFC 7366)
 
+Bugfix
+   * Stack buffer overflow if ctr_drbg_update() is called with too large
+     add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
+
 = PolarSSL 1.3.9 released 2014-10-20
 Security
    * Lowest common hash was selected from signature_algorithms extension in