diff options
author | Mark J. Cox <mark@openssl.org> | 2006-09-05 08:25:42 +0000 |
---|---|---|
committer | Mark J. Cox <mark@openssl.org> | 2006-09-05 08:25:42 +0000 |
commit | df20b6e79b97b59a373abf44108fedc6f2d60159 (patch) | |
tree | 967942b3a68a55ff7a90cd2120f6443cb2358eb6 /NEWS | |
parent | f4f1dc39e053ba8408e6e15d82af3a6551b96b00 (diff) |
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: + + o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 + o New cipher Camellia + Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: o Cipher string fixes. @@ -17,7 +22,7 @@ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: - o Fix potential SSL 2.0 rollback, CAN-2005-2969 + o Fix potential SSL 2.0 rollback, CVE-2005-2969 o Extended Windows CE support Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: @@ -94,6 +99,10 @@ o Added initial support for Win64. o Added alternate pkg-config files. + Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: + + o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 + Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: o Visual C++ 2005 fixes. @@ -105,7 +114,7 @@ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: - o Fix SSL 2.0 Rollback, CAN-2005-2969 + o Fix SSL 2.0 Rollback, CVE-2005-2969 o Allow use of fixed-length exponent on DSA signing o Default fixed-window RSA, DSA, DH private-key operations |