aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2015-12-03 17:25:26 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-12-03 17:25:26 +0000
commit145e3a85931a836f8dccec73e02594f7255abcfd (patch)
tree03b95bb4075b5bfadd5b0dabf3c4233035d6b774 /CHANGES
parentd7a2d00e5375699d95f3720a7b779ded3c805b5f (diff)
downloadsrc-vendor/openssl-0.9.8.tar.gz
src-vendor/openssl-0.9.8.zip
Notes
Notes: svn path=/vendor-crypto/openssl/dist-0.9.8/; revision=291711 svn path=/vendor-crypto/openssl/0.9.8zh/; revision=291712; tag=vendor/openssl/0.9.8zh
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES14
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 718071229cac..e08637559238 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,20 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015]
+
+ *) X509_ATTRIBUTE memory leak
+
+ When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+ memory. This structure is used by the PKCS#7 and CMS routines so any
+ application which reads PKCS#7 or CMS data from untrusted sources is
+ affected. SSL/TLS is not affected.
+
+ This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+ libFuzzer.
+ (CVE-2015-3195)
+ [Stephen Henson]
+
Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
*) Malformed ECParameters causes infinite loop