generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

synchronize with 0.9.6-stable version of this file

Browse Source
This commit is contained in:
Bodo Möller 2002-10-11 17:53:21 +00:00
parent 8d44d96ec3
commit 84236041c1
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CHANGES
View File

@ -4,6 +4,14 @@
Changes between 0.9.6h and 0.9.7 [XX xxx 2002]
*) Change from security patch (see 0.9.6e below) that did not affect
the 0.9.6 release series:
Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized master key in Kerberos-enabled versions.
(CAN-2002-0657)
[Ben Laurie (CHATS)]
*) Change the SSL kerb5 codes to match RFC 2712.
[Richard Levitte]
@ -1719,7 +1727,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) Add various sanity checks to asn1_get_length() to reject
@ -1770,11 +1778,6 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
too small for 64 bit platforms. (CAN-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
*) Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized master key in Kerberos-enabled versions.
(CAN-2002-0657)
[Ben Laurie (CHATS)]
*) Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized session ID to a client. (CAN-2002-0656)
[Ben Laurie (CHATS)]
@ -1869,13 +1872,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
value is 0.
[Richard Levitte]
*) Add the configuration target linux-s390x.
[Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
*) [In 0.9.6d-engine release:]
Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
*) Add the configuration target linux-s390x.
[Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
*) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
variable as an indication that a ClientHello message has been