diff options
author | Matt Caswell <matt@openssl.org> | 2015-12-01 14:39:47 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-12-02 23:38:02 +0000 |
commit | 35c8d0d85fe71e41eb990655b249e398c7fd1435 (patch) | |
tree | 0beea65f2cd043af48fd833333b5e3e1be0f83de | |
parent | 2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3 (diff) |
Update CHANGES and NEWS
Update the CHANGES and NEWS files for the new release.
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | CHANGES | 12 | ||||
-rw-r--r-- | NEWS | 2 |
2 files changed, 12 insertions, 2 deletions
@@ -4,7 +4,17 @@ Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx] - *) + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] @@ -7,7 +7,7 @@ Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development] - o + o X509_ATTRIBUTE memory leak (CVE-2015-3195) Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015] |