path: root/openssl/CHANGES
author marha <marha@users.sourceforge.net> 2011-09-30 08:46:36 +0200
committer marha <marha@users.sourceforge.net> 2011-09-30 08:46:36 +0200
commit 73d82f7ac0d1add2697128c2e26c2432ffe172a5
tree c6436b57a2191c57320396c37449109ebad745ec /openssl/CHANGES
parent 4a9e1f51655e03da1507dabce7c4c3960e7ca607
parent 60adbfdea1ee754341d64454274e7aa83bae8971
download vcxsrv-73d82f7ac0d1add2697128c2e26c2432ffe172a5.tar.gz
vcxsrv-73d82f7ac0d1add2697128c2e26c2432ffe172a5.tar.bz2
vcxsrv-73d82f7ac0d1add2697128c2e26c2432ffe172a5.zip
Merge remote-tracking branch 'origin/released'
Conflicts: openssl/Makefile
Diffstat (limited to 'openssl/CHANGES')
-rw-r--r-- openssl/CHANGES 43
1 files changed, 42 insertions, 1 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES
index 5cae85c9c..a0de5abb6 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,31 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+ *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+ by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+ [Kaspar Brand <ossl@velox.ch>]
+
+ *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH. (CVE-2011-3210)
+ [Adam Langley (Google)]
+
+ *) Fix x509_name_ex_d2i memory leak on bad inputs.
+ [Bodo Moeller]
+
+ *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+ signature public key algorithm by using OID xref utilities instead.
+ Before this you could only use some ECC ciphersuites with SHA1 only.
+ [Steve Henson]
+
+ *) Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+
+ http://eprint.iacr.org/2011/232.pdf
+
+ [Billy Bob Brumley and Nicola Tuveri]
+
Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
*) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
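Review bot: the ECDSA timing-attack entry in the new 1.0.0e block carries no CVE identifier, while the two entries at the top of the same block do ("(CVE-2011-3207)" for the CRL nextUpdate check and "(CVE-2011-3210)" for (EC)DH memory handling), so anyone auditing this vendored copy by CVE id will not find it and has only the eprint URL to go on. The file is imported from upstream, so I would not edit the entry here; instead, say in the merge commit message that this merge brings the bundled OpenSSL to 1.0.0e and picks up security fixes, because "Merge remote-tracking branch 'origin/released'" gives no hint of that. Also note that this view is limited to openssl/CHANGES, so the changelog text alone does not show that the X509_STORE_CTX initialisation and ECDH fixes themselves are part of the merge; that needs checking against the full diff.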
@@ -882,9 +907,25 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
+ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+
+ *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH.
+ [Adam Langley (Google)]
+
+ *) Fix x509_name_ex_d2i memory leak on bad inputs.
+ [Bodo Moeller]
+
+ *) Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+
+ http://eprint.iacr.org/2011/232.pdf
+
+ [Billy Bob Brumley and Nicola Tuveri]
+
Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
- *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
[Neel Mehta, Adam Langley, Bodo Moeller (Google)]
*) Fix bug in string printing code: if *any* escaping is enabled we must
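Review bot: the new 0.9.8s heading is dated "[xx XXX xxxx]", a placeholder for a release that had not been cut when this file was written, so the three entries under it should not be read as fixes present in a released 0.9.8 build. Within that block, the (EC)DH memory handling entry also omits the CVE-2011-3210 tag that the identical entry has in the 1.0.0e section, which makes the two branches look like they differ in security content when the wording is otherwise the same; worth a line in the commit message if the discrepancy matters downstream. The last -/+ pair on the "Fix parsing of OCSP stapling ClientHello extension" line shows no visible text change, so it appears to be whitespace-only; that is harmless in an imported file but it is the one deletion counted in the diffstat.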