include 0.9.8d and 0.9.7l information
This commit is contained in:
Bodo Möller
parent
348be7ec60
commit
61118caa86
2 changed files with 29 additions and 2 deletions
20
CHANGES
20
CHANGES
|
|
@ -416,7 +416,9 @@
|
|||
*) Change 'Configure' script to enable Camellia by default.
|
||||
[NTT]
|
||||
|
||||
Changes between 0.9.8c and 0.9.8d [xx XXX xxxx]
|
||||
Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
|
||||
|
||||
Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
|
||||
|
||||
*) Introduce limits to prevent malicious keys being able to
|
||||
cause a denial of service. (CVE-2006-2940)
|
||||
|
|
@ -1420,7 +1422,21 @@
|
|||
differing sizes.
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
|
||||
Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
|
||||
|
||||
*) Introduce limits to prevent malicious keys being able to
|
||||
cause a denial of service. (CVE-2006-2940)
|
||||
[Steve Henson, Bodo Moeller]
|
||||
|
||||
*) Fix ASN.1 parsing of certain invalid structures that can result
|
||||
in a denial of service. (CVE-2006-2937) [Steve Henson]
|
||||
|
||||
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
|
||||
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
|
||||
|
||||
*) Fix SSL client code which could crash if connecting to a
|
||||
malicious SSLv2 server. (CVE-2006-4343)
|
||||
[Tavis Ormandy and Will Drewry, Google Security Team]
|
||||
|
||||
*) Change ciphersuite string processing so that an explicit
|
||||
ciphersuite selects this one ciphersuite (so that "AES256-SHA"
|
||||
|
|
|
|||
11
NEWS
11
NEWS
|
|
@ -5,6 +5,12 @@
|
|||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
|
||||
|
||||
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
|
||||
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
|
||||
o Changes to ciphersuite selection algorithm
|
||||
|
||||
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
|
||||
|
||||
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
|
||||
|
|
@ -99,6 +105,11 @@
|
|||
o Added initial support for Win64.
|
||||
o Added alternate pkg-config files.
|
||||
|
||||
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
|
||||
|
||||
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
|
||||
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
|
||||
|
||||
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
|
||||
|
||||
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
|
||||
|
|
|
|||
Loading…
Reference in a new issue