+ Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development]
+
+ o
+
+ Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]
+
+ o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+ o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+ o Race condition handling NewSessionTicket (CVE-2015-1791)
+
+ Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015]
+
+ o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+ o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+ o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+ o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+ o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+ o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+ o Removed the export ciphers from the DEFAULT ciphers
+
+ Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [15 Jan 2015]
+
+ o Build fixes for the Windows and OpenVMS platforms
+
+ Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
+ Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]:
+
+ o Fix for CVE-2014-3513
+ o Fix for CVE-2014-3567
+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ o Fix for CVE-2014-3568
+
+ Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3508
+
+ Known issues in OpenSSL 0.9.8za:
+
+ o Compilation failure of s3_pkt.c on some platforms due to missing
+ <limits.h> include. Fixed in 0.9.8zb-dev.
+ o FIPS capable link failure with missing symbol BN_consttime_swap.
+ Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+ algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
+ Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
+
+ o Fix for CVE-2014-0224
+ o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0195
+ o Fix for CVE-2014-3470
+ o Fix for CVE-2014-0076
+ o Fix for CVE-2010-5298
+ o Fix to TLS alert handling.
+
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: