path: root/NEWS
diff options
authorJung-uk Kim <jkim@FreeBSD.org>2016-05-03 18:00:27 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-05-03 18:00:27 +0000
commit57f1256b1a087adbdf8e5c080dd9ed7975de939a (patch)
tree2dd85c58056a364765d9ae59d6a1774d41f88523 /NEWS
parent9aeed18ad799c20d3accf6e1535817538dc983f6 (diff)
Import OpenSSL 1.0.2h.vendor/openssl/1.0.2h
Notes: svn path=/vendor-crypto/openssl/dist/; revision=298991 svn path=/vendor-crypto/openssl/1.0.2h/; revision=298992; tag=vendor/openssl/1.0.2h
Diffstat (limited to 'NEWS')
1 files changed, 13 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 33242c83624d..6c85116fc87d 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,19 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+ o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+ o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+ o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+ o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+ o EBCDIC overread (CVE-2016-2176)
+ o Modify behavior of ALPN to invoke callback after SNI/servername
+ callback, such that updates to the SSL_CTX affect ALPN.
+ o Remove LOW from the DEFAULT cipher list. This removes singles DES from
+ the default.
+ o Only remove the SSLv2 methods with the no-ssl2-method option.
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.