author Bodo Möller <bodo@openssl.org> 2006-09-28 13:35:01 +0000
committer Bodo Möller <bodo@openssl.org> 2006-09-28 13:35:01 +0000
commit 61118caa86ecf8acba2c6d17caabeed9022acf9d (patch)
tree 36fbabb7076015f4376c0a55a8d26e1d933c1876 /CHANGES
parent 348be7ec60f7cce7503ba759a1a5a7591a648f1f (diff)
include 0.9.8d and 0.9.7l information
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 20
1 files changed, 18 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 6b26b19b1b..b11a528170 100644
--- a/CHANGES
+++ b/CHANGES
@@ -416,7 +416,9 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8c and 0.9.8d [xx XXX xxxx]
+ Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
+
+ Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
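Review bot: The placeholder date on the new 0.9.8e header is written "[XX xxx XXXX]", while the placeholder this patch replaces on the 0.9.8d header (and on the 0.9.7l header in the next hunk) was "[xx XXX xxxx]". Use the same placeholder form as before so that a search for undated release sections matches every branch's header. The date "[28 Sep 2006]" itself agrees with the commit timestamp.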
@@ -1420,7 +1422,21 @@
differing sizes.
[Richard Levitte]
- Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
+ Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
+
+ *) Introduce limits to prevent malicious keys being able to
+ cause a denial of service. (CVE-2006-2940)
+ [Steve Henson, Bodo Moeller]
+
+ *) Fix ASN.1 parsing of certain invalid structures that can result
+ in a denial of service. (CVE-2006-2937) [Steve Henson]
+
+ *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+ (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Fix SSL client code which could crash if connecting to a
+ malicious SSLv2 server. (CVE-2006-4343)
+ [Tavis Ormandy and Will Drewry, Google Security Team]
*) Change ciphersuite string processing so that an explicit
ciphersuite selects this one ciphersuite (so that "AES256-SHA"
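Review bot: The attribution placement is inconsistent across the four added entries: CVE-2006-2940 and CVE-2006-4343 put the credit on its own line, but the CVE-2006-2937 entry appends "[Steve Henson]" to the end of the description line and the CVE-2006-3738 entry appends the Google Security Team credit to the CVE line. Move both credits to their own line to match the surrounding entries such as "[Richard Levitte]". The CVE-2006-3738 entry is also the only one of the four that does not state the impact; the others say "denial of service" or "could crash", so a short clause on what the SSL_get_shared_ciphers() overflow leads to would help readers deciding how urgently to upgrade from 0.9.7k.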