diff options
| author | Matt Caswell <matt@openssl.org> | 2020-12-08 11:19:41 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-12-08 11:45:55 +0000 |
| commit | 1e13198fa72943dd7e5154d7250a86b93a8f7e47 (patch) | |
| tree | 3f1470a3c86b53c0b072e33153e9497bdb920d86 | |
| parent | 22b88fc9c0e22545401c0b34d24843883ea73fec (diff) | |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
| -rw-r--r-- | CHANGES.md | 15 | ||||
| -rw-r--r-- | NEWS.md | 3 |
2 files changed, 16 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md index e3ab1c5562..b099baa27a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1339,7 +1339,19 @@ OpenSSL 1.1.1 ### Changes between 1.1.1h and 1.1.1i [xx XXX xxxx] - * + * Fixed NULL pointer deref in the GENERAL_NAME_cmp function + This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME. + If an attacker can control both items being compared then this could lead + to a possible denial of service attack. OpenSSL itself uses the + GENERAL_NAME_cmp function for two purposes: + 1) Comparing CRL distribution point names between an available CRL and a + CRL distribution point embedded in an X509 certificate + 2) When verifying that a timestamp response token signer matches the + timestamp authority name (exposed via the API functions + TS_RESP_verify_response and TS_RESP_verify_token) + ([CVE-2020-1971]) + + *Matt Caswell* ### Changes between 1.1.1g and 1.1.1h [22 Sep 2020] @@ -18662,6 +18674,7 @@ ndif <!-- Links --> +[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 @@ -77,7 +77,7 @@ OpenSSL 1.1.1 ### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development] - * + * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971]) ### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] @@ -1328,6 +1328,7 @@ OpenSSL 0.9.x <!-- Links --> +[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 |