diff options
author | marha <marha@users.sourceforge.net> | 2015-06-15 20:18:50 +0200 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2015-06-22 01:16:46 -0400 |
commit | 36da4a2e0e43928a29ac2ee5c55bf681e90e2f42 (patch) | |
tree | 92633e1022d705c72d0f97315891e719648dd17e /openssl/NEWS | |
parent | bec4be4c48239613ed1c704ae71bf08754eef711 (diff) | |
download | vcxsrv-release/external-1.17.0.0-x.tar.gz vcxsrv-release/external-1.17.0.0-x.tar.bz2 vcxsrv-release/external-1.17.0.0-x.zip |
Update to openssl-1.0.2crelease/external-1.17.0.0-x
Diffstat (limited to 'openssl/NEWS')
-rw-r--r-- | openssl/NEWS | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/openssl/NEWS b/openssl/NEWS index 682c583da..f3574cf4c 100644 --- a/openssl/NEWS +++ b/openssl/NEWS @@ -5,6 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] + + o Fix HMAC ABI incompatibility + + Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) |