author Tomas Mraz <tomas@openssl.org> 2023-01-18 15:45:20 +0100
committer Tomas Mraz <tomas@openssl.org> 2023-02-03 12:38:44 +0100
commit 071e702aec805ea06d5c8e8bc018b1960bd2efb5
tree 1c6c22601ed46e12f5dd28c82799b1976d3738b5 /NEWS.md
parent a0f2359613f50b5ca6b74b78bf4b54d7dc925fd2
Add CHANGES.md and NEWS.md entries for the 3.0.8 release
Reviewed-by: Mark J. Cox <mark@awe.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Diffstat (limited to 'NEWS.md')
-rw-r--r-- NEWS.md 20
1 files changed, 18 insertions, 2 deletions
diff --git a/NEWS.md b/NEWS.md
index 5c76f11297..6493d94877 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,7 +20,15 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [under development]
- * none
+ * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
+ * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
+ * Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
+ * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216])
+ * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215])
+ * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450])
+ * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304])
+ * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203])
+ * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996])
### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
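Review bot: The added 3.0.8 entries capitalise inconsistently after "Fixed": "Fixed Invalid pointer dereference", "Fixed Use-after-free", "Fixed Double free" and "Fixed Timing Oracle" use title-style capitals, while "Fixed NULL dereference during PKCS7 data verification" and "Fixed X.400 address type confusion" use sentence case. Suggest one form for the whole list, for example "Fixed invalid pointer dereference in d2i_PKCS7 functions". Also, the section heading in the context line still reads "[under development]" although the commit message describes these as the entries for the 3.0.8 release, so confirm the date is filled in by a later release step.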
@@ -1422,7 +1430,15 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
-
+[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
+[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
+[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
+[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
+[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
+[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
+[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
+[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
+[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
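Review bot: In the trailing context of the links block, "[CVE-2022-2097]" is defined with the "#CVE-2022-2274" anchor, so that reference resolves to the wrong advisory entry. Since this hunk already edits the block, change the anchor to "#CVE-2022-2097" in the same commit. The nine added definitions each pair a label with the same-numbered anchor, and each has a matching reference in the 3.0.8 list in the first hunk.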