author | Matt Caswell <matt@openssl.org> | 2020-12-08 11:19:41 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-12-08 11:48:12 +0000 |
commit | a672794c04ec3ad0cf0796cf025edf6786de98b9 (patch) | |
tree | c98b43c03547d3a4cfddcbf19c1720c25ea42922 /CHANGES | |
parent | 433974af7b188d55b1da049b84f3fdeca320cb6a (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -9,6 +9,19 @@ Changes between 1.1.1h and 1.1.1i [xx XXX xxxx] + *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function + This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME. + If an attacker can control both items being compared then this could lead + to a possible denial of service attack. OpenSSL itself uses the + GENERAL_NAME_cmp function for two purposes: + 1) Comparing CRL distribution point names between an available CRL and a + CRL distribution point embedded in an X509 certificate + 2) When verifying that a timestamp response token signer matches the + timestamp authority name (exposed via the API functions + TS_RESP_verify_response and TS_RESP_verify_token) + (CVE-2020-1971) + [Matt Caswell] + *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target. [Stuart Carnie] |
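Review bot: In the new GENERAL_NAME_cmp entry, item 1 (CRL distribution point name comparison) does not say how an application reaches that code path, while item 2 names the exposed API functions TS_RESP_verify_response and TS_RESP_verify_token. A reader deciding whether they are affected by CVE-2020-1971 can act on item 2 but not on item 1, so consider naming the entry point or the condition under which the CRL comparison runs, in the same way. Two smaller wording points in the same entry: the title line "Fixed NULL pointer deref in the GENERAL_NAME_cmp function" runs straight into "This function could crash" without closing punctuation, and "could lead to a possible denial of service attack" hedges twice; "could lead to a denial of service attack" says the same thing.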