Imported Upstream version 4.12upstream/4.12

1 files changed, 19 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 65550aa..6d6a309 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,24 @@
 GNU Libtasn1 NEWS                                     -*- outline -*-
 
+* Noteworthy changes in release 4.12 (released 2017-05-29) [stable]
+- Corrected so-name version
+
+* Noteworthy changes in release 4.11 (released 2017-05-27) [stable]
+- Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate
+  an invalid encoding in the DER time fields.
+- Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag
+  allows decoding errors in time fields even when in strict DER mode.
+  That is introduced in order to allow toleration of invalid times in
+  X.509 certificates (which are common) even though strict DER adherence
+  is enforced in other fields.
+- Added safety check in asn1_find_node(). That prevents a crash
+  when a very long variable name is provided by the developer.
+  Note that this to be exploited requires controlling the ASN.1
+  definitions used by the developer, i.e., the 'name' parameter of
+  asn1_write_value() or asn1_read_value(). The library is
+  not designed to protect against malicious manipulation of the
+  developer assigned variable names. Reported by Jakub Jirasek.
+
 * Noteworthy changes in release 4.10 (released 2017-01-16) [stable]
 - Updated gnulib
 - Removed -Werror from default compiler flags