From 61118caa86ecf8acba2c6d17caabeed9022acf9d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Thu, 28 Sep 2006 13:35:01 +0000 Subject: [PATCH] include 0.9.8d and 0.9.7l information --- CHANGES | 20 ++++++++++++++++++-- NEWS | 11 +++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 6b26b19b1b..b11a528170 100644 --- a/CHANGES +++ b/CHANGES @@ -416,7 +416,9 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8c and 0.9.8d [xx XXX xxxx] + Changes between 0.9.8d and 0.9.8e [XX xxx XXXX] + + Changes between 0.9.8c and 0.9.8d [28 Sep 2006] *) Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940) @@ -1420,7 +1422,21 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7k and 0.9.7l [xx XXX xxxx] + Changes between 0.9.7k and 0.9.7l [28 Sep 2006] + + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] *) Change ciphersuite string processing so that an explicit ciphersuite selects this one ciphersuite (so that "AES256-SHA" diff --git a/NEWS b/NEWS index 6bda70f39b..5482e9e584 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,12 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: + + o Introduce limits to prevent malicious key DoS (CVE-2006-2940) + o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) + o Changes to ciphersuite selection algorithm + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 @@ -99,6 +105,11 @@ o Added initial support for Win64. o Added alternate pkg-config files. + Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: + + o Introduce limits to prevent malicious key DoS (CVE-2006-2940) + o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) + Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 -- 2.25.1