diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-03-25 12:54:14 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-03-25 12:54:14 +0000 |
| commit | 73ba116e963e74e3a6ed4eb8096561fbc4e4ec65 (patch) | |
| tree | 85f67793b60b1b2a73adcfe807952db5e60743e8 /CHANGES | |
| parent | 80b2ff978d4f309cea71754ae6bcc01d6b36ea20 (diff) | |
Update from stable branch.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -751,6 +751,11 @@ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] + *) Don't set val to NULL when freeing up structures, it is freed up by + underlying code. If sizeof(void *) > sizeof(long) this can result in + zeroing past the valid field. (CVE-2009-0789) + [Paolo Ganci <Paolo.Ganci@AdNovum.CH>] + *) Fix bug where return value of CMS_SignerInfo_verify_content() was not checked correctly. This would allow some invalid signed attributes to appear to verify correctly. (CVE-2009-0591) |