X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=debian%2Fchangelog;h=e688c7fd26bd2ae592b983710e4bbbfaf07f98e3;hb=6c23d95c113c39a34c4a031618c19adef2060389;hp=ded7d3dec3efe9cb93ef10dd4bd99b3e84a0d5ef;hpb=cad616874fcc3bd565c2105eabff45c7bfc574c1;p=secnet.git

diff --git a/debian/changelog b/debian/changelog
index ded7d3d..e688c7f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+secnet (0.4.0~~iwj~) UNRELEASED; urgency=low
+
+  * wip.fuzz-slip-decoder branch
+  * wip.ipv6-3 branch
+  * wip.polypath branch
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 09 Oct 2014 19:19:05 +0100
+
+secnet (0.3.4) unstable; urgency=low
+
+  SECURITY FIX:
+  * The previous security fix to buffer handling was entirely wrong.  This
+    one is better.  Thanks to Simon Tatham for the report and the patch.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 22 Sep 2014 16:16:11 +0100
+
+secnet (0.3.3) unstable; urgency=high
+
+  SECURITY FIXES:
+  * Pass correct size argument to recvfrom.  This is a serious security
+    problem which may be exploitable from outside the VPN.
+  * Fix a memory leak in some error logging.
+
+  Other related fixes:
+  * Two other latent bugs in buffer length handling found and fixed.
+  * Non-critical stylistic improvements to buffer length handling, to make
+    the code clearer and to assist audit.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 19 Sep 2014 23:50:45 +0100
+
 secnet (0.3.3~beta1) unstable; urgency=low
 
   Installation compatibility fix: