author | Tomas Mraz <tomas@openssl.org> | 2023-02-07 17:18:54 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-11 15:04:08 +0100 |
commit | dbb1d37897730ae38f528aad0751829f9fbe0198 (patch) | |
tree | bcb8daba4f716b14e48d110d0571d3642c8bbc19 /NEWS.md | |
parent | c062097bf3e305c9c3b90c0941bb58b8cd7baf88 (diff) |
Sync CHANGES.md and NEWS.md with 3.0.8 release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20228)
(cherry picked from commit 5f14b5bc25d78384d239428f0d255d1ea7c4a6d1)
Diffstat (limited to 'NEWS.md')
-rw-r--r-- | NEWS.md | 22 |
1 files changed, 21 insertions, 1 deletions
@@ -30,6 +30,18 @@ OpenSSL 3.1 OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] + + * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) + * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286]) + * Fixed NULL dereference validating DSA public key ([CVE-2023-0217]) + * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216]) + * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215]) + * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450]) + * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304]) + * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203]) + * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996]) + ### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022] * Added RIPEMD160 to the default provider. @@ -1430,7 +1442,15 @@ OpenSSL 0.9.x * Support for various new platforms <!-- Links --> - +[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 +[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 +[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 +[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 +[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 +[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 +[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 +[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 +[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 |
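Review bot: in the new 3.0.8 list (first hunk), the capitalization of the issue descriptions is inconsistent. "Fixed NULL dereference during PKCS7 data verification" and "Fixed NULL dereference validating DSA public key" use sentence case, while "Fixed Invalid pointer dereference", "Fixed Use-after-free", "Fixed Double free", "Fixed Timing Oracle in RSA Decryption", "Fixed X.509 Name Constraints Read Buffer Overflow" and "Fixed X.509 Policy Constraints Double Locking" capitalize words mid-sentence. Suggest sentence case throughout so the entries read uniformly.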
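Review bot: in the links hunk (second hunk), the unchanged context line "[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274" points at the anchor of a different CVE than its label. Since this change already edits the block, correct the fragment to "#CVE-2022-2097" here or in a follow-up. The hunk also deletes the blank line after "<!-- Links -->"; if that was not deliberate, keep it so the comment stays visually separated from the definitions.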