generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update CHANGES and NEWS for new release

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
2016-03-01 11:00:48 +00:00
parent c582e9d213
commit 8954b54182
2 changed files with 98 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
NEWS
View File

@@ -8,7 +8,15 @@
Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [under development]
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
o Disable SSLv2 default build, default negotiation and weak ciphers.
o Disable SSLv2 default build, default negotiation and weak ciphers
(CVE-2016-0800)
o Fix a double-free in DSA code (CVE-2016-0705)
o Disable SRP fake user seed to address a server memory leak
(CVE-2016-0798)
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
(CVE-2016-0797)
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
o Fix side channel attack on modular exponentiation (CVE-2016-0702)
Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]