OpenSSL 3.3
-----------
-### Changes between 3.3.0 and 3.3.1 [xx XXX xxxx]
+### Changes between 3.3.1 and 3.3.2 [xx XXX xxxx]
+
+ * Fixed possible denial of service in X.509 name checks.
+
+ Applications performing certificate name checks (e.g., TLS clients checking
+ server certificates) may attempt to read an invalid memory address when
+ comparing the expected name with an `otherName` subject alternative name of
+ an X.509 certificate. This may result in an exception that terminates the
+ application program.
+
+ [(CVE-2024-6119)]
+
+ *Viktor Dukhovni*
+
+### Changes between 3.3.0 and 3.3.1 [4 Jun 2024]
* Fixed potential use after free after SSL_free_buffers() is called.
<!-- Links -->
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
OpenSSL 3.3
-----------
-### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [under development]
+### Major changes between OpenSSL 3.3.1 and OpenSSL 3.3.2 [under development]
+
+OpenSSL 3.3.2 is a security patch release. The most severe CVE fixed in this
+release is Moderate.
+
+ * Fixed possible denial of service in X.509 name checks [(CVE-2024-6119)].
+
+### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [4 Jun 2024]
OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this
release is Low.
<!-- Links -->
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
projects / thirdparty / openssl.git / commitdiff
