Introduce limits to prevent malicious keys being able to

cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller] Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]
author: Mark J. Cox <mark@openssl.org> 2006-09-28 11:29:03 +0000
committer: Mark J. Cox <mark@openssl.org> 2006-09-28 11:29:03 +0000
commit: 951dfbb13a79bff82cef8096d2c93bc2d65a7525 (patch)
tree: abc7f989e18378c7c06a5eecf6f23257fb42f53a /NEWS
parent: 81780a3b6290836f3ef64eafe7143e892e7fa5cc (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 6bda70f39b..ad8033a81b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.8d:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
   Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
 
       o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
author	Mark J. Cox <mark@openssl.org>	2006-09-28 11:29:03 +0000
committer	Mark J. Cox <mark@openssl.org>	2006-09-28 11:29:03 +0000
commit	951dfbb13a79bff82cef8096d2c93bc2d65a7525 (patch)
tree	abc7f989e18378c7c06a5eecf6f23257fb42f53a /NEWS
parent	81780a3b6290836f3ef64eafe7143e892e7fa5cc (diff)