Actually merge the CVE-2011-2778 log entry into ChangeLog

2011-12-15 13:14:50 -05:00 · 2011-12-15 13:14:50 -05:00 · 796563f7f3
parent 7264e0d880
commit 796563f7f3
1 changed files with 4 additions and 0 deletions
--- a/4
+++ b/4
@ -32,6 +32,10 @@ Changes in version 0.2.2.35 - 2011-12-16
  longer receive support after some time in early 2011.

  o Major bugfixes:
+    - Fix a heap overflow bug that could occur when trying to pull
+      data into the first chunk of a buffer, when that chunk had
+      already had some data drained from it. Fixes CVE-2011-2778;
+      bugfix on 0.2.0.16-alpha. Reported by "Vektor".
    - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
      that it doesn't attempt to allocate a socketpair. This could cause
      some problems on Windows systems with overzealous firewalls. Fix for