K 10
svn:author
V 3
osa
K 8
svn:date
V 27
2014-09-16T17:47:47.647185Z
K 7
svn:log
V 538
Security update from 1.6.1 to 1.6.2.

<ChangeLog>

*) Security: it was possible to reuse SSL sessions in unrelated contexts
   if a shared SSL session cache or the same TLS session ticket key was
   used for multiple "server" blocks (CVE-2014-3616).
   Thanks to Antoine Delignat-Lavaud.

*) Bugfix: requests might hang if resolver was used and a DNS server
   returned a malformed response; the bug had appeared in 1.5.8.

*) Bugfix: requests might hang if resolver was used and a timeout
   occurred during a DNS request.

</ChangeLog>

END