Fix memory leak while parsing some X.509 certs
diff --git a/ChangeLog b/ChangeLog
index 8e74c0b..84420b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
Security
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
+ * Remotely-triggerable memory leak when parsing some X.509 certificates
+ (server is not affected if it doesn't ask for a client certificate).
+ (Found using Codenomicon Defensics.)
Bugfix
* Support escaping of commas in x509_string_to_names()
@@ -36,6 +39,8 @@
* POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits
RSA keys.
* Accept spaces at end of line or end of buffer in base64_decode().
+ * X.509 certificates with more than one AttributeTypeAndValue per
+ RelativeDistinguishedName are not accepted any more.
= PolarSSL 1.3.8 released 2014-07-11
Security