diff options
author | Matt Caswell <matt@openssl.org> | 2016-03-01 11:00:48 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-03-01 11:48:43 +0000 |
commit | 248808c8406c113d00ab45368ab03bfa66411d00 (patch) | |
tree | 7a3520a5acd0359486b93f796d40d8a983666917 /NEWS | |
parent | 515f3be47a0b58eec808cf365bc5e8ef6917266b (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -8,7 +8,15 @@ Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [under development] o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. - o Disable SSLv2 default build, default negotiation and weak ciphers. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] |