path: root/NEWS.md
author: Matt Caswell <matt@openssl.org> 2022-04-26 15:39:34 +0200
committer: Matt Caswell <matt@openssl.org> 2022-05-03 14:26:00 +0200
commit: 73e044bd1aa3ff00e189624b4807e15e8de8f8e4
tree: c5343cceb17a5ed18a3c951e855148220f2a7570 /NEWS.md
parent: Update Paul's pgp key signature
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
Diffstat (limited to 'NEWS.md')
-rw-r--r-- NEWS.md 11
1 files changed, 11 insertions, 0 deletions
diff --git a/NEWS.md b/NEWS.md
index 99e8c715d3..630c57ae53 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -29,6 +29,17 @@ OpenSSL 3.1
OpenSSL 3.0
-----------
+### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3
+
+ * Fixed a bug in the c_rehash script which was not properly sanitising shell
+ metacharacters to prevent command injection ([CVE-2022-1292])
+ * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
+ certificate on an OCSP response ([CVE-2022-1343])
+ * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+ AAD data as the MAC key ([CVE-2022-1434])
+ * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+ occuppied by the removed hash table entries ([CVE-2022-1473])
+
### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2
* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
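Review bot: the last added bullet, for OPENSSL_LH_flush(), misspells "occupied" as "occuppied" and opens with "Fix a bug" where the three entries above it use "Fixed a bug"; suggest correcting the spelling and matching the tense. The four `[CVE-2022-…]` labels are reference-style Markdown links, and all 11 insertions counted for NEWS.md are inside this hunk, so no link definitions are added alongside them in this file; please confirm the definitions exist at the end of NEWS.md, otherwise the labels render as literal bracketed text. The `OCSP_basic_verify` entry says only that a bug in signer certificate verification was fixed; a short clause stating what went wrong would let readers judge whether they are affected without opening the advisory.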