author Jack Lloyd <[email protected]> 2016-11-28 05:51:53 -0500
committer Jack Lloyd <[email protected]> 2016-11-28 05:51:53 -0500
commit 8fce1edc0214b1149cbf4723322714f2e22032eb
tree 1f5f56768ac821df8e62f86bfca8ad2e85cfc780 /doc/log.txt
parent 47e7c44c13a062f09649234475b9ded541e5283a
Fix BER integer overflow (CVE-2016-9132)
Diffstat (limited to 'doc/log.txt')
-rw-r--r-- doc/log.txt 12
1 files changed, 11 insertions, 1 deletions
diff --git a/doc/log.txt b/doc/log.txt
index f4bd83498..7f3477a6b 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -7,9 +7,19 @@ Release Notes
Series 1.10
----------------------------------------
-Version 1.10.14, Not Yet Released
+Version 1.10.14, 2016-11-28
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* NOTE WELL: Botan 1.10.x is supported for security patches only until
+ 2017-12-31
+
+* Fix integer overflow during BER decoding, found by Falko Strenzke.
+ This bug is not thought to be directly exploitable but upgrading ASAP
+ is advised. (CVE-2016-9132)
+
+* Fix two cases where (in error situations) an exception would be
+ thrown from a destructor, causing a call to std::terminate.
+
* When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)
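
Review bot: The CVE-2016-9132 entry calls the BER decoding overflow "not thought to be directly exploitable" while advising an upgrade ASAP, but it does not say what the observable effect of the overflow is or which 1.10.x releases are affected, so a reader cannot judge exposure from the release note alone. Consider adding one sentence covering impact and affected versions. The destructor entry has a similar gap: the "two cases" are not named, so a user who hit a std::terminate cannot tell whether this release addresses it. Minor style point: the "NOTE WELL" item is the only entry whose sentence lacks a closing period.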