Update CHANGES and NEWS

Update the CHANGES and NEWS files for the new release. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-01 14:39:47 +00:00
parent 2cdafc51f0
commit 35c8d0d85f
2 changed files with 12 additions and 2 deletions
--- a/12
+++ b/12
@@ -4,7 +4,17 @@

 Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx]

-  *)
+  *) X509_ATTRIBUTE memory leak
+
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]

 Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]

--- a/2
+++ b/2
@@ -7,7 +7,7 @@

  Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development]

-      o
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)

  Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]