-rw-r--r-- | CHANGES | 13 |
-rw-r--r-- | NEWS | 2 |
2 files changed, 14 insertions, 1 deletions
@@ -9,6 +9,19 @@ Changes between 1.1.1h and 1.1.1i [xx XXX xxxx] + *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function + This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME. + If an attacker can control both items being compared then this could lead + to a possible denial of service attack. OpenSSL itself uses the + GENERAL_NAME_cmp function for two purposes: + 1) Comparing CRL distribution point names between an available CRL and a + CRL distribution point embedded in an X509 certificate + 2) When verifying that a timestamp response token signer matches the + timestamp authority name (exposed via the API functions + TS_RESP_verify_response and TS_RESP_verify_token) + (CVE-2020-1971) + [Matt Caswell] + *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target. [Stuart Carnie] @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development] - o + o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971) Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] |
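Review bot: The CHANGES entry says the crash needs an attacker who "can control both items being compared", but for the two listed uses it does not say which inputs those are, so a reader cannot tell from the entry whether their deployment is exposed. For 1) it would help to state that both the CRL and the certificate carrying the CRL distribution point must come from the attacker, and for 2) which of the token signer and the timestamp authority name is untrusted input. "OpenSSL itself uses" also implies other callers exist, so add a sentence saying whether applications that call GENERAL_NAME_cmp directly on untrusted data need to take any action. Minor wording: "could lead to a possible denial of service attack" hedges twice; "could lead to a denial of service attack" is enough.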
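Review bot: The NEWS line "Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)" gives the bug class but not the impact, while the CHANGES text in the same commit describes it as a possible denial of service. Since NEWS is what people skim to decide whether to upgrade, consider naming the impact there as well, for example by appending "leading to a possible denial of service" before the CVE reference.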