Edit OpenVPN 2.3.1 entry:

 - Replace links to changelog and commit with a link to the official
   announcement (which also links to the commit)

 - Replace the description with a sentence lifted from the
   announcement.

Approved by:	portmgr (tabthorpe)

1 files changed, 4 insertions, 4 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 1366a6e6aee5..86329930dca5 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -497,14 +497,14 @@ Note:  Please add new entries to the beginning of this file.
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>The OpenVPN project reports:</p>
 	<blockquote cite="https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1">
-	  <p>[OpenVPN 2.3.1 adds a fix to prevent potential side-channel
-	    attacks by switching to a] constant time memcmp when comparing HMACs in [the] openvpn_decrypt [function].</p>
+	  <p>OpenVPN 2.3.0 and earlier running in UDP mode are subject
+	    to chosen ciphertext injection due to a non-constant-time
+	    HMAC comparison function.</p>
 	</blockquote>
       </body>
     </description>
     <references>
-      <url>https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1</url>
-      <url>http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-testing.git;a=commit;h=11d21349a4e7e38a025849479b36ace7c2eec2ee</url>
+      <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc</url>
     </references>
     <dates>
       <discovery>2013-03-19</discovery>