diff options
| author | Bodo Moeller <bodo@openssl.org> | 2013-09-16 14:54:34 +0200 |
|---|---|---|
| committer | Bodo Moeller <bodo@openssl.org> | 2013-09-16 14:54:34 +0200 |
| commit | 1b9a59c36a547443dbefb0faed6598b3a15719c9 (patch) | |
| tree | 4ef3f8aff691be1095a6f44557f1d21e852a6fe3 /NEWS | |
| parent | 8f89c33451876eea1f4afc8e956e8ea1fe08d241 (diff) | |
Sync CHANGES and NEWS files.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 77 |
1 files changed, 77 insertions, 0 deletions
@@ -5,6 +5,35 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: + + o Corrected fix for CVE-2013-0169 + + Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: + + o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. + o Include the fips configuration module. + o Fix OCSP bad key DoS attack CVE-2013-0166 + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix for TLS AESNI record handling flaw CVE-2012-2686 + + Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: + + o Fix TLS/DTLS record length checking bug CVE-2012-2333 + o Don't attempt to use non-FIPS composite ciphers in FIPS mode. + + Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: + + o Fix compilation error on non-x86 platforms. + o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. + o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 + + Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: + + o Fix for ASN1 overflow bug CVE-2012-2110 + o Workarounds for some servers that hang on long client hellos. + o Fix SEGV in AES code. + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. @@ -18,6 +47,19 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. + Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i: + + o Fix for ASN1 overflow bug CVE-2012-2110 + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 @@ -90,6 +132,41 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: + + o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) + + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: + + o Fix for ASN1 overflow bug CVE-2012-2110 + + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: + + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 + o Corrected fix for CVE-2011-4619 + o Various DTLS fixes. + + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: + + o Fix for DTLS DoS issue CVE-2012-0050 + + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: + + o Fix for DTLS plaintext recovery attack CVE-2011-4108 + o Fix policy check double free error CVE-2011-4109 + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 + o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 + o Check for malformed RFC3779 data CVE-2011-4577 + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: o Fix for security issue CVE-2011-0014 |