generic-library/libreSSL
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add security update notes

Browse Source
This commit is contained in:
Brent Cook
2015-06-11 09:02:54 -05:00
parent 04a8eca5d3
commit 351b51613b
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ChangeLog
View File

@@ -31,7 +31,7 @@ LibreSSL Portable Release Notes:
This release primarily addresses a number of security issues in coordination This release primarily addresses a number of security issues in coordination
with the OpenSSL project. with the OpenSSL project.
2.2.0 - Build cleanups and OS support 2.2.0 - Build cleanups and new OS support, Security Updates
* AIX Support - thanks to Michael Felt * AIX Support - thanks to Michael Felt
@@ -51,6 +51,20 @@ with the OpenSSL project.
* Various bug fixes and simplifications to libssl and libcrypto * Various bug fixes and simplifications to libssl and libcrypto
* Fixes for the following issues are integrated into LibreSSL 2.2.0:
- CVE-2015-1788 - Malformed ECParameters causes infinite loop
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
* The following CVEs did not apply to LibreSSL or were fixed in
earlier releases:
- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
- CVE-2014-8176 - Invalid free in DTLS
* Fixes for the following CVEs are still in review for LibreSSL
- CVE-2015-1791 - Race condition handling NewSessionTicket
2.1.6 - Security update 2.1.6 - Security update
* Fixes for the following issues are integrated into LibreSSL 2.1.6: * Fixes for the following issues are integrated into LibreSSL 2.1.6: