diff options
author | Matt Caswell <matt@openssl.org> | 2022-04-26 14:39:34 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-05-03 13:28:07 +0100 |
commit | ffbb106a174a8bc698f41db9a07544963c01e830 (patch) | |
tree | 0c860b8907f2dcace89ae711390cb2a03169dbcc /NEWS.md | |
parent | 17a1818942bb4cab6bee1572733c133f3d6f1aee (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
Diffstat (limited to 'NEWS.md')
-rw-r--r-- | NEWS.md | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -20,7 +20,14 @@ OpenSSL 3.0 ### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [under development] - * none + * Fixed a bug in the c_rehash script which was not properly sanitising shell + metacharacters to prevent command injection ([CVE-2022-1292]) + * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer + certificate on an OCSP response ([CVE-2022-1343]) + * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the + AAD data as the MAC key ([CVE-2022-1434]) + * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory + occuppied by the removed hash table entries ([CVE-2022-1473]) ### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] |