Update CHANGES and NEWS for release of 1.1.1g

Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2020-04-21 10:33:43 +0100
committer: Matt Caswell <matt@openssl.org> 2020-04-21 11:20:39 +0100
commit: 23424be835dc10f0942c91952142d75345ef9de1 (patch)
tree: 8b3dd0154399c191822b07c7a456ec9ee1617225 /CHANGES
parent: bb19162558017d530a6c26d6eb972ba15d73ba81 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 6239fa4139..d655eb0654 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
 
  Changes between 1.1.1f and 1.1.1g [xx XXX xxxx]
 
+  *) Fixed segmentation fault in SSL_check_chain()
+     Server or client applications that call the SSL_check_chain() function
+     during or after a TLS 1.3 handshake may crash due to a NULL pointer
+     dereference as a result of incorrect handling of the
+     "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+     or unrecognised signature algorithm is received from the peer. This could
+     be exploited by a malicious peer in a Denial of Service attack.
+     (CVE-2020-1967)
+     [Benjamin Kaduk]
+
   *) Added AES consttime code for no-asm configurations
      an optional constant time support for AES was added
      when building openssl for no-asm.
author	Matt Caswell <matt@openssl.org>	2020-04-21 10:33:43 +0100
committer	Matt Caswell <matt@openssl.org>	2020-04-21 11:20:39 +0100
commit	23424be835dc10f0942c91952142d75345ef9de1 (patch)
tree	8b3dd0154399c191822b07c7a456ec9ee1617225 /CHANGES
parent	bb19162558017d530a6c26d6eb972ba15d73ba81 (diff)