summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGES20
-rw-r--r--NEWS11
2 files changed, 29 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 6b26b19b1b..b11a528170 100644
--- a/CHANGES
+++ b/CHANGES
@@ -416,7 +416,9 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8c and 0.9.8d [xx XXX xxxx]
+ Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
+
+ Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
*) Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
@@ -1420,7 +1422,21 @@
differing sizes.
[Richard Levitte]
- Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]
+ Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
+
+ *) Introduce limits to prevent malicious keys being able to
+ cause a denial of service. (CVE-2006-2940)
+ [Steve Henson, Bodo Moeller]
+
+ *) Fix ASN.1 parsing of certain invalid structures that can result
+ in a denial of service. (CVE-2006-2937) [Steve Henson]
+
+ *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+ (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Fix SSL client code which could crash if connecting to a
+ malicious SSLv2 server. (CVE-2006-4343)
+ [Tavis Ormandy and Will Drewry, Google Security Team]
*) Change ciphersuite string processing so that an explicit
ciphersuite selects this one ciphersuite (so that "AES256-SHA"
diff --git a/NEWS b/NEWS
index 6bda70f39b..5482e9e584 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+ o Changes to ciphersuite selection algorithm
+
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
@@ -99,6 +105,11 @@
o Added initial support for Win64.
o Added alternate pkg-config files.
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339