author | marha <marha@users.sourceforge.net> | 2011-09-30 08:46:36 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2011-09-30 08:46:36 +0200 |
commit | 73d82f7ac0d1add2697128c2e26c2432ffe172a5 (patch) | |
tree | c6436b57a2191c57320396c37449109ebad745ec /openssl/CHANGES | |
parent | 4a9e1f51655e03da1507dabce7c4c3960e7ca607 (diff) | |
parent | 60adbfdea1ee754341d64454274e7aa83bae8971 (diff) | |
Merge remote-tracking branch 'origin/released'
Conflicts:
openssl/Makefile
Diffstat (limited to 'openssl/CHANGES')
-rw-r--r-- | openssl/CHANGES | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES index 5cae85c9c..a0de5abb6 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,31 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0d and 1.0.0e [6 Sep 2011] + + *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted + by initialising X509_STORE_CTX properly. (CVE-2011-3207) + [Kaspar Brand <ossl@velox.ch>] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. (CVE-2011-3210) + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check + signature public key algorithm by using OID xref utilities instead. + Before this you could only use some ECC ciphersuites with SHA1 only. + [Steve Henson] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + Changes between 1.0.0c and 1.0.0d [8 Feb 2011] *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 
@@ -882,9 +907,25 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + Changes between 0.9.8q and 0.9.8r [8 Feb 2011] - *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must |
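Review bot: In the first hunk (@@ -2,6 +2,31 @@), the entries citing CVE-2011-3207 (CRL nextUpdate, X509_STORE_CTX initialisation) and CVE-2011-3210 ((EC)DH memory handling) are changelog text only, and this view is limited to openssl/CHANGES, so it cannot show that the matching source fixes arrived with the merge. Please confirm the merged tree carries the 1.0.0e sources for both entries, and that the openssl/Makefile conflict named in the commit message was resolved as intended.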
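Review bot: In the second hunk (@@ -882,9 +907,25 @@), the "Fix SSL memory handling for (EC)DH ciphersuites" entry under 0.9.8s carries no CVE id, while the same entry in the 1.0.0e section cites CVE-2011-3210; add the reference if it applies to this branch too, so the two sections can be cross-checked. The new heading still has the placeholder date "[xx XXX xxxx]", which marks the section as unreleased. The final -/+ pair on the CVE-2011-0014 line shows no visible text difference, so it looks like a whitespace-only change and is worth leaving out of the merge if it is not intentional.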