Added credit and CVE number to security vulnerability fix in 2.0.6.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1001 e7ae566f-a301-0410-adde-c780ea21d3b5
author: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2006-04-12 09:25:14 +0000
committer: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2006-04-12 09:25:14 +0000
commit: fc1f8ad57ef746d7af2f88ed1739be3f14891dd1 (patch)
tree: 68c09340b8a0e076fb1b4d12685cc372801ffc69
parent: 35fd760fc767dd688df5c137c3a947e8ddc5de7a (diff)
download: openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.tar.gz
openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.tar.xz
openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index aca3c3f..585a903 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,7 +19,8 @@ $Id$
   the attacker, and (e) the attacker has at least some level of
   pre-existing control over files on the client (this might be
   accomplished by having the server respond to a client web request
-  with a specially crafted file).
+  with a specially crafted file).  Credit: Hendrik Weimer.
+  CVE-2006-1629.
 
   The fix is to disallow "setenv" to be pushed to clients from
   the server, and to add a new directive "setenv-safe" which is
author	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2006-04-12 09:25:14 +0000
committer	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2006-04-12 09:25:14 +0000
commit	fc1f8ad57ef746d7af2f88ed1739be3f14891dd1 (patch)
tree	68c09340b8a0e076fb1b4d12685cc372801ffc69
parent	35fd760fc767dd688df5c137c3a947e8ddc5de7a (diff)
download	openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.tar.gz openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.tar.xz openvpn-fc1f8ad57ef746d7af2f88ed1739be3f14891dd1.zip