author | Matt Caswell <matt@openssl.org> | 2020-12-08 11:19:41 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-12-08 11:48:12 +0000 |
commit | a672794c04ec3ad0cf0796cf025edf6786de98b9 (patch) | |
tree | c98b43c03547d3a4cfddcbf19c1720c25ea42922 | |
parent | 433974af7b188d55b1da049b84f3fdeca320cb6a (diff) | |
download | openssl-new-a672794c04ec3ad0cf0796cf025edf6786de98b9.tar.gz |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | CHANGES | 13 | ||||
-rw-r--r-- | NEWS | 2 |
2 files changed, 14 insertions, 1 deletions
@@ -9,6 +9,19 @@ Changes between 1.1.1h and 1.1.1i [xx XXX xxxx] + *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function + This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME. + If an attacker can control both items being compared then this could lead + to a possible denial of service attack. OpenSSL itself uses the + GENERAL_NAME_cmp function for two purposes: + 1) Comparing CRL distribution point names between an available CRL and a + CRL distribution point embedded in an X509 certificate + 2) When verifying that a timestamp response token signer matches the + timestamp authority name (exposed via the API functions + TS_RESP_verify_response and TS_RESP_verify_token) + (CVE-2020-1971) + [Matt Caswell] + *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target. [Stuart Carnie] @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development] - o + o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971) Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] |
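Review bot: In the CHANGES hunk, use 1) (the CRL distribution point comparison) names no API entry point, while use 2) names TS_RESP_verify_response and TS_RESP_verify_token, so a reader cannot tell from the entry which certificate verification path reaches the first case. Say which call or setting triggers the CRL distribution point comparison, and add a sentence for applications that call GENERAL_NAME_cmp directly, since the entry only covers what "OpenSSL itself" does with it. Style: the summary line "Fixed NULL pointer deref in the GENERAL_NAME_cmp function" has no terminating period or blank line before "This function could crash", so the title runs into the description.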
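Review bot: In the NEWS hunk, the new bullet gives the function name and CVE but not the impact, which the CHANGES entry describes as a possible denial of service; adding that to the bullet would let readers who only skim NEWS judge urgency. Also, the commit message says this is for the new release, yet the context lines still read "[under development]" here and "[xx XXX xxxx]" in CHANGES; confirm those placeholders are filled in by the release commit rather than expected in this one.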