From 30518280f1356465f0acfdb4816843b61303a633 Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Fri, 14 Feb 2014 11:53:42 -0800
Subject: Changelog re hash comparison bugfix

---
 sites/www/changelog.rst | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sites/www/changelog.rst')

diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index c26b996c..fa58c5f6 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
 Changelog
 =========
 
+* :bug:`-` Use constant-time hash comparison operations where possible, to
+  protect against `timing-based attacks
+  <http://codahale.com/a-lesson-in-timing-attacks/>`_. Thanks to Alex Gaynor
+  for the patch.
 * :release:`1.10.6 <2014-02-14>`
 * :bug:`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some
   SFTP servers regarding request/response ordering. Thanks to Richard
-- 
cgit v1.2.3