Merged 2.0.4 changes.

svn merge -r 737:749 $SO/trunk/openvpn


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 9 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index b7789e5..3259f5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
 
 $Id$
 
-2005.10.31 -- Version 2.1-beta5
+2005.11.01 -- Version 2.1-beta6
 
-* Security fix (merged from 2.0.3) -- Affects non-Windows
+* Security fix (merged from 2.0.4) -- Affects non-Windows
   OpenVPN clients of version 2.0 or higher which connect to
   a malicious or compromised server.  A format string
   vulnerability in the foreign_option function in options.c
@@ -19,11 +19,13 @@ $Id$
   and (c) the client indicates its willingness to accept
   pushed options from the server by having "pull" or
   "client" in its configuration file (Credit: Vade79).
-* Security fix (merged from 2.0.3) -- Potential DoS vulnerability
-  on the server in TCP mode.  If the TCP server accept() call
-  returns an error status, the resulting exception handler
-  may attempt to indirect through a NULL pointer, causing
-  a segfault.  Affects all OpenVPN 2.0 versions.
+  CVE-2005-3393
+* Security fix -- (merged from 2.0.4) Potential DoS
+  vulnerability on the server in TCP mode.  If the TCP
+  server accept() call returns an error status, the resulting
+  exception handler may attempt to indirect through a NULL
+  pointer, causing a segfault.  Affects all OpenVPN 2.0 versions.
+  CVE-2005-3409
 * Fix attempt of assertion at multi.c:1586 (note that
   this precise line number will vary across different
   versions of OpenVPN).