author | Matt Caswell <matt@openssl.org> | 2022-04-26 14:39:34 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-05-03 13:30:07 +0100 |
commit | 58d24ad926e3ccb30be9254cd1c7acbfac35a568 (patch) | |
tree | c67291873a6513f94a8dfc15b8499ce15dbe704b | |
parent | 76eb96b656f742be4c2e6d83d621af22031953cb (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
-rw-r--r-- | CHANGES | 11 | ||||
-rw-r--r-- | NEWS | 5 |
2 files changed, 13 insertions, 3 deletions
@@ -9,7 +9,16 @@ Changes between 1.1.1n and 1.1.1o [xx XXX xxxx] - *) + *) Fixed a bug in the c_rehash script which was not properly sanitising shell + metacharacters to prevent command injection. This script is distributed by + some operating systems in a manner where it is automatically executed. On + such operating systems, an attacker could execute arbitrary commands with the + privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] Changes between 1.1.1m and 1.1.1n [15 Mar 2022] @@ -7,12 +7,13 @@ Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [under development] - o + o Fixed a bug in the c_rehash script which was not properly sanitising + shell metacharacters to prevent command injection (CVE-2022-1292) Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022] o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop - forever for non-prime moduli ([CVE-2022-0778]) + forever for non-prime moduli (CVE-2022-0778) Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] |
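Review bot: In the CHANGES hunk, the first paragraph of the new 1.1.1o entry says c_rehash "was not properly sanitising shell metacharacters" but does not say which input to the script carries them, so an administrator cannot tell from this text which data needs to be treated as untrusted; consider naming that input. The second paragraph tells readers to move to "the OpenSSL rehash command line tool"; writing the command as `openssl rehash` would make the replacement easier to find. The entry could also say how to tell whether a system runs c_rehash automatically, since that is the condition the risk statement depends on.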
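Review bot: In the NEWS hunk, the last changed line edits the already released 1.1.1n entry, turning "([CVE-2022-0778])" into "(CVE-2022-0778)", and the commit message does not mention it. The change makes the format match the new 1.1.1o bullet, but a one-line mention in the commit message would explain why an old release's entry is touched in a release-notes update. The new 1.1.1o bullet also leaves out the CHANGES statement that c_rehash is obsolete and should be replaced by the rehash command; since NEWS is the shorter file many readers stop at, consider carrying that recommendation over in one clause.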