Added credit and CVE number to security vulnerability fix in 2.0.6.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1001 e7ae566f-a301-0410-adde-c780ea21d3b5
2024-11-27 11:43:51 +08:00 · 2006-04-12 09:25:14 +00:00 · 2006-04-12 09:25:14 +00:00 · fc1f8ad57e
commit fc1f8ad57e
parent 35fd760fc7
1 changed files with 2 additions and 1 deletions
--- a/3
+++ b/3
@ -19,7 +19,8 @@ $Id$
  the attacker, and (e) the attacker has at least some level of
  pre-existing control over files on the client (this might be
  accomplished by having the server respond to a client web request
-  with a specially crafted file).
+  with a specially crafted file).  Credit: Hendrik Weimer.
+  CVE-2006-1629.

  The fix is to disallow "setenv" to be pushed to clients from
  the server, and to add a new directive "setenv-safe" which is