include 0.9.8d and 0.9.7l information

This commit is contained in:
Bodo Möller 2006-09-28 13:35:01 +00:00
parent 348be7ec60
commit 61118caa86
2 changed files with 29 additions and 2 deletions

20
CHANGES
View file

@ -416,7 +416,9 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8c and 0.9.8d [xx XXX xxxx]
Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
@ -1420,7 +1422,21 @@
differing sizes.
[Richard Levitte]
Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
*) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
*) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
*) Change ciphersuite string processing so that an explicit
ciphersuite selects this one ciphersuite (so that "AES256-SHA"

11
NEWS
View file

@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
o Changes to ciphersuite selection algorithm
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
@ -99,6 +105,11 @@
o Added initial support for Win64.
o Added alternate pkg-config files.
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339