diff options
author | Matt Caswell <matt@openssl.org> | 2016-09-21 21:59:49 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-22 09:22:05 +0100 |
commit | 35aede1cd7411aa404512facfcb22e3859966ef6 (patch) | |
tree | ce9d7c0a1c2353553de783fa77d66a25bfd79d99 /NEWS | |
parent | 92c8d6ae0d741fdca3b72baf627d16908dae64ce (diff) |
Updates CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -7,7 +7,17 @@ Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [under development] - o + o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) + o SWEET32 Mitigation (CVE-2016-2183) + o OOB write in MDC2_Update() (CVE-2016-6303) + o Malformed SHA512 ticket DoS (CVE-2016-6302) + o OOB write in BN_bn2dec() (CVE-2016-2182) + o OOB read in TS_OBJ_print_bio() (CVE-2016-2180) + o Pointer arithmetic undefined behaviour (CVE-2016-2177) + o Constant time flag not preserved in DSA signing (CVE-2016-2178) + o DTLS buffered message DoS (CVE-2016-2179) + o DTLS replay protection DoS (CVE-2016-2181) + o Certificate message OOB reads (CVE-2016-6306) Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] |