author Matt Caswell <matt@openssl.org> 2015-07-02 15:38:32 +0100
committer Matt Caswell <matt@openssl.org> 2015-07-09 09:31:25 +0100
commit 5627e0f77d333b3d6d2f87b0cc616a062cf54aeb (patch)
tree ab6b18a3a6bc01c47b26a0bb58f3977b7b71bae4 /CHANGES
parent 9dee5244e1d879ee94b203e618202be91936ff71 (diff)
Update CHANGES and NEWS for the new release
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 13
1 files changed, 12 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 5aff3e1691..a3b3e20187 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,18 @@
Changes between 1.0.2c and 1.0.2d [xx XXX xxxx]
- *)
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
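Review bot: Typo in the second line of the new entry: "During certificate verfification, OpenSSL will attempt to find an" should read "During certificate verification, ...". Separately, the entry carries no CVE reference, whereas other security entries in this file end with the assigned identifier in parentheses after the description; if one has been assigned for this issue, append it (e.g. "(CVE-YYYY-NNNN)" as a placeholder to be filled in) so readers can cross-reference the advisory. The section header "Changes between 1.0.2c and 1.0.2d [xx XXX xxxx]" still has the date placeholder, which is fine for a pre-release commit but must be filled in before tagging.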