aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2010-04-01 12:25:40 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2010-04-01 12:25:40 +0000
commit0cedaa6c89235ed396068f2ebf546c9a909439e1 (patch)
treeea91d9b180fa36b1886b046a286630c089f57475 /CHANGES
parentf7a1b4761cf3f798e1b42d703d38221b47ce1eec (diff)
downloadsrc-0cedaa6c89235ed396068f2ebf546c9a909439e1.tar.gz
src-0cedaa6c89235ed396068f2ebf546c9a909439e1.zip
Import OpenSSL 0.9.8n.vendor/openssl/0.9.8n
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=206035 svn path=/vendor-crypto/openssl/0.9.8n/; revision=206037; tag=vendor/openssl/0.9.8n
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES15
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 97b3810f40a8..b350da79f66b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,21 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+ *) When rejecting SSL/TLS records due to an incorrect version number, never
+ update s->server with a new major version number. As of
+ - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+ - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+ the previous behavior could result in a read attempt at NULL when
+ receiving specific incorrect SSL/TLS records once record payload
+ protection is active. (CVE-2010-0740)
+ [Bodo Moeller, Adam Langley <agl@chromium.org>]
+
+ *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
+ could be crashed if the relevant tables were not present (e.g. chrooted).
+ [Tomas Hoger <thoger@redhat.com>]
+
Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
*) Always check bn_wexpend() return values for failure. (CVE-2009-3245)