generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

include 0.9.8d and 0.9.7l information

Browse Source
This commit is contained in:
Bodo Möller 2006-09-28 13:35:01 +00:00
parent 348be7ec60
commit 61118caa86
2 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CHANGES
View File

@ -416,7 +416,9 @@
*) Change 'Configure' script to enable Camellia by default. *) Change 'Configure' script to enable Camellia by default.
[NTT] [NTT]
Changes between 0.9.8c and 0.9.8d [xx XXX xxxx] Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to *) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940) cause a denial of service. (CVE-2006-2940)
@ -1420,7 +1422,21 @@
differing sizes. differing sizes.
[Richard Levitte] [Richard Levitte]
Changes between 0.9.7k and 0.9.7l [xx XXX xxxx] Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
*) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
*) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
*) Change ciphersuite string processing so that an explicit *) Change ciphersuite string processing so that an explicit
ciphersuite selects this one ciphersuite (so that "AES256-SHA" ciphersuite selects this one ciphersuite (so that "AES256-SHA"

11
NEWS
View File

@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
o Changes to ciphersuite selection algorithm
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
@ -99,6 +105,11 @@
o Added initial support for Win64. o Added initial support for Win64.
o Added alternate pkg-config files. o Added alternate pkg-config files.
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339