aboutsummaryrefslogtreecommitdiff
path: root/openssl/CHANGES
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2011-01-23 20:17:10 +0000
committermarha <marha@users.sourceforge.net>2011-01-23 20:17:10 +0000
commit1b639dab951fb73d5031aa0c1afb13e8480d1dae (patch)
tree4e13a4d1e4c609bd01d0bf5d65c6a8acdc3d0c50 /openssl/CHANGES
parent51181fb7f4d135d214974bb6611d51f21475eec8 (diff)
parentb680cf39ed5bc37e0eb7eb86ad8599bf92df3f2b (diff)
downloadvcxsrv-1b639dab951fb73d5031aa0c1afb13e8480d1dae.tar.gz
vcxsrv-1b639dab951fb73d5031aa0c1afb13e8480d1dae.tar.bz2
vcxsrv-1b639dab951fb73d5031aa0c1afb13e8480d1dae.zip
svn merge ^/branches/released .
Diffstat (limited to 'openssl/CHANGES')
-rw-r--r--openssl/CHANGES62
1 files changed, 59 insertions, 3 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES
index b139cf624..38bfd34aa 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,29 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
+
+ *) Fix WIN32 build system to correctly link an ENGINE directory into
+ a DLL.
+ [Steve Henson]
+
Changes between 1.0.0 and 1.0.0a [01 Jun 2010]
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
@@ -849,7 +872,34 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+ Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+
+ *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+ [Steve Henson]
+
+ *) Don't reencode certificate when calculating signature: cache and use
+ the original encoding instead. This makes signature verification of
+ some broken encodings work correctly.
+ [Steve Henson]
+
+ *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+ is also one of the inputs.
+ [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+ *) Don't repeatedly append PBE algorithms to table if they already exist.
+ Sort table on each new add. This effectively makes the table read only
+ after all algorithms are added and subsequent calls to PKCS12_pbe_add
+ etc are non-op.
+ [Steve Henson]
+
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+ [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+ OpenSSL 1.0.0.]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
@@ -860,6 +910,12 @@
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
+ *) VMS fixes:
+ Reduce copying into .apps and .test in makevms.com
+ Don't try to use blank CA certificate in CA.com
+ Allow use of C files from original directories in maketests.com
+ [Steven M. Schweda" <sms@antinode.info>]
+
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
@@ -868,8 +924,8 @@
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
- protection is active. (CVE-2010-####)
- [Bodo Moeller, Adam Langley]
+ protection is active. (CVE-2010-0740)
+ [Bodo Moeller, Adam Langley <agl@chromium.org>]
*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).