diff options
| author | Matt Caswell <matt@openssl.org> | 2024-03-05 17:01:20 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-04-08 12:06:25 +0200 |
| commit | 03c4b0eab6dcbb59e3f58baad634be8fc798c103 (patch) | |
| tree | eda3d818cccbd84a36629ae5b0fe2e57a2df344c /NEWS.md | |
| parent | Fix unconstrained session cache growth in TLSv1.3 (diff) | |
| download | openssl-03c4b0eab6dcbb59e3f58baad634be8fc798c103.tar.xz openssl-03c4b0eab6dcbb59e3f58baad634be8fc798c103.zip | |
Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug
Related to CVE-2024-2511
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)
Diffstat (limited to '')
| -rw-r--r-- | NEWS.md | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -29,7 +29,17 @@ OpenSSL 3.3 OpenSSL 3.2 ----------- -### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development] +### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development] + +OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this +release is Low. + +This release incorporates the following bug fixes and mitigations: + + * Fixed unbounded memory growth with session handling in TLSv1.3 + ([CVE-2024-2511]) + +### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024] OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this release is Low. @@ -1592,6 +1602,7 @@ OpenSSL 0.9.x <!-- Links --> +[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 |