mention buffer overflows fixed

diff --git a/CHANGES b/CHANGES
index 55a4a72dbdd0020b1dac211d685f9c72d77b5c6f..b00a20208ea008532eb4591afd8c3a43f37d132e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,14 @@
                                   Changelog
 
 
+Daniel (22 February 2005)
+- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
+  http://www.securityfocus.com/archive/1/391042 and the CAN report here:
+  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
+
+  If these security guys were serious, we'd been notified in advance and we
+  could've saved a few of you a little surprise, but now we weren't.
+
 Daniel (19 February 2005)
 - Ralph Mitchell reported a flaw when you used a proxy with auth, and you
   requested data from a host and then followed a redirect to another

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 40aaecce04707d64df0b5d2123c246c4b2abddbf..b0371c91c5ca654ca2436b6568b906b3c9d20948 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o NTLM/krb4 buffer overflow fixed (CAN-2005-0490)
  o proxy auth bug when following redirects to another host
  o socket leak when local bind failed
  o HTTP POST with --anyauth picking NTLM