mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

include 0.9.8d and 0.9.7l information

Browse Source
This commit is contained in:
Bodo Möller 2006-09-28 13:35:01 +00:00
parent 348be7ec60
commit 61118caa86
2 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CHANGES
View File

@ -416,7 +416,9 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8c and 0.9.8d [xx XXX xxxx]
Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
@ -1420,7 +1422,21 @@
differing sizes.
[Richard Levitte]
Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
*) Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
*) Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
*) Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
*) Change ciphersuite string processing so that an explicit
ciphersuite selects this one ciphersuite (so that "AES256-SHA"

11
NEWS
View File

@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
o Changes to ciphersuite selection algorithm
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
@ -99,6 +105,11 @@
o Added initial support for Win64.
o Added alternate pkg-config files.
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339