summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES12
-rw-r--r--NEWS2
2 files changed, 12 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index ed2f0ecff3..fb36e9eff8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,17 @@
Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx]
- *)
+ *) X509_ATTRIBUTE memory leak
+
+ When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+ memory. This structure is used by the PKCS#7 and CMS routines so any
+ application which reads PKCS#7 or CMS data from untrusted sources is
+ affected. SSL/TLS is not affected.
+
+ This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+ libFuzzer.
+ (CVE-2015-3195)
+ [Stephen Henson]
Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
diff --git a/NEWS b/NEWS
index 4ffbbab0cd..2ddf2f8aef 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development]
- o
+ o X509_ATTRIBUTE memory leak (CVE-2015-3195)
Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-19 15:32:03 +0000