diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-16 09:51:56 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-16 10:11:09 +0000 |
commit | aed24635b8c3a0635448c90ebee6eb2447be4a66 (patch) | |
tree | e0fe7a5554d24bdcc307591c5df7a51508ef8821 | |
parent | 60747ea22f8b25b2a7e54e7fe4ad47dfe8f93383 (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | CHANGES | 11 | ||||
-rw-r--r-- | NEWS | 2 |
2 files changed, 11 insertions, 2 deletions
@@ -4,7 +4,16 @@ Changes between 1.1.0d and 1.1.0e [xx XXX xxxx] - *) + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] Changes between 1.1.0c and 1.1.0d [26 Jan 2017] @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [under development] - o + o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] |