Update openssl: 1.0.1o -> 1.0.1p

author: Mike DePaulo <mikedep333@gmail.com> 2015-07-10 08:13:00 -0400
committer: Mike DePaulo <mikedep333@gmail.com> 2015-07-10 08:23:07 -0400
commit: ca7b8d357638d3f7d22b5df91e325022f3517368 (patch)
tree: a6f0421e63b9efc3f9036f86e27b1bfe96fc9121 /openssl/CHANGES
parent: ab75afbcc58c927654b75d8b3c179f423e38cfbd (diff)
download: vcxsrv-ca7b8d357638d3f7d22b5df91e325022f3517368.tar.gz
vcxsrv-ca7b8d357638d3f7d22b5df91e325022f3517368.tar.bz2
vcxsrv-ca7b8d357638d3f7d22b5df91e325022f3517368.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES
index 759b2a7bb..2e888f7b0 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,21 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+
+  *) Alternate chains certificate forgery
+
+     During certificate verfification, OpenSSL will attempt to find an
+     alternative certificate chain if the first attempt to build such a chain
+     fails. An error in the implementation of this logic can mean that an
+     attacker could cause certain checks on untrusted certificates to be
+     bypassed, such as the CA flag, enabling them to use a valid leaf
+     certificate to act as a CA and "issue" an invalid certificate.
+
+     This issue was reported to OpenSSL by Adam Langley/David Benjamin
+     (Google/BoringSSL).
+     [Matt Caswell]
+
  Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
 
   *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
author	Mike DePaulo <mikedep333@gmail.com>	2015-07-10 08:13:00 -0400
committer	Mike DePaulo <mikedep333@gmail.com>	2015-07-10 08:23:07 -0400
commit	ca7b8d357638d3f7d22b5df91e325022f3517368 (patch)
tree	a6f0421e63b9efc3f9036f86e27b1bfe96fc9121 /openssl/CHANGES
parent	ab75afbcc58c927654b75d8b3c179f423e38cfbd (diff)
download	vcxsrv-ca7b8d357638d3f7d22b5df91e325022f3517368.tar.gz vcxsrv-ca7b8d357638d3f7d22b5df91e325022f3517368.tar.bz2 vcxsrv-ca7b8d357638d3f7d22b5df91e325022f3517368.zip