| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE | 3 | _______________ |
| | 4 | |
| b8be5718 DSH | 5 | Changes between 0.9.8q and 0.9.8r [xx XXX xxxx] |
| | 6 | |
| 9ad76517 DSH | 7 | *) Fix bug in string printing code: if *any* escaping is enabled we must |
| | 8 | escape the escape character (backslash) or the resulting string is |
| | 9 | ambiguous. |
| | 10 | [Steve Henson] |
| b8be5718 | 11 | |
| acd43bf3 | 12 | Changes between 0.9.8p and 0.9.8q [2 Dec 2010] |
| 00675803 | 13 | |
| 7890b562 DSH | 14 | *) Disable code workaround for ancient and obsolete Netscape browsers |
| | 15 | and servers: an attacker can use it in a ciphersuite downgrade attack. |
| | 16 | Thanks to Martin Rex for discovering this bug. CVE-2010-4180 |
| | 17 | [Steve Henson] |
| | 18 | |
| efed63d7 BL | 19 | *) Fixed J-PAKE implementation error, originally discovered by |
| | 20 | Sebastien Martini, further info and confirmation from Stefan |
| f7ffc3a6 | 21 | Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 |
| efed63d7 | 22 | [Ben Laurie] |
| 00675803 | 23 | |
| 7e541b1a | 24 | Changes between 0.9.8o and 0.9.8p [16 Nov 2010] |
| 1dac2cae | 25 | |
| 2ae47ddb DSH | 26 | *) Fix extension code to avoid race conditions which can result in a buffer |
| | 27 | overrun vulnerability: resumed sessions must not be modified as they can |
| | 28 | be shared by multiple threads. CVE-2010-3864 |
| | 29 | [Steve Henson] |
| | 30 | |
| a0731292 DSH | 31 | *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 |
| | 32 | [Steve Henson] |
| | 33 | |
| 6cb5746b DSH | 34 | *) Don't reencode certificate when calculating signature: cache and use |
| | 35 | the original encoding instead. This makes signature verification of |
| | 36 | some broken encodings work correctly. |
| | 37 | [Steve Henson] |
| | 38 | |
| d4ba6424 BM | 39 | *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT |
| | 40 | is also one of the inputs. |
41 |