diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-09-06 15:14:41 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-09-06 15:14:41 +0000 |
commit | cd447875e65fb8de648bfa30126e24f2786e2040 (patch) | |
tree | 248533b744525270ed67e522afa94341183b9b2e /CHANGES | |
parent | 692a94293c833515999b43b03ae4f862a105cfb0 (diff) |
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -177,8 +177,12 @@ Changes between 1.0.0d and 1.0.0e [xx XXX xxxx] + *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted + by initialising X509_STORE_CTX properly. (CVE-2011-3207) + [Kaspar Brand <ossl@velox.ch>] + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular - for multi-threaded use of ECDH. + for multi-threaded use of ECDH. (CVE-2011-3210) [Adam Langley (Google)] *) Fix x509_name_ex_d2i memory leak on bad inputs. |