diff options
| author | Matt Caswell <matt@openssl.org> | 2016-09-26 09:51:30 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-09-26 10:02:06 +0100 |
| commit | ca430ece0d5cf5820d9e580252f3118602e40332 (patch) | |
| tree | 5fd0b021ee5fb182a9b18c3e3a603ddb97a80866 | |
| parent | 6e629b5be45face20b4ca71c4fcbfed78b864a2e (diff) | |
| download | openssl-new-ca430ece0d5cf5820d9e580252f3118602e40332.tar.gz | |
Update CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
| -rw-r--r-- | CHANGES | 10 | ||||
| -rw-r--r-- | NEWS | 2 |
2 files changed, 10 insertions, 2 deletions
@@ -4,7 +4,15 @@ Changes between 1.0.2i and 1.0.2j [xx XXX xxxx] - *) + *) Missing CRL sanity check + + A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 + but was omitted from OpenSSL 1.0.2i. As a result any attempt to use + CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + + This issue only affects the OpenSSL 1.0.2i + (CVE-2016-7052) + [Matt Caswell] Changes between 1.0.2h and 1.0.2i [22 Sep 2016] @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [under development] - o + o Fix Use After Free for large message sizes (CVE-2016-6309) Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] |