include 0.9.8d and 0.9.7l information

61118caa · Bodo Möller · 348be7ec · 61118caa · 61118caa
隐藏空白更改
内联并排

Showing with 29 addition and 2 deletion

CHANGES CHANGES +18 -2

NEWS NEWS +11 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -416,7 +416,9 @@
  *) Change 'Configure' script to enable Camellia by default.
     [NTT]

- Changes between 0.9.8c and 0.9.8d  [xx XXX xxxx]
+ Changes between 0.9.8d and 0.9.8e  [XX xxx XXXX]
+
+ Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]

  *) Introduce limits to prevent malicious keys being able to
     cause a denial of service.  (CVE-2006-2940)
@@ -1420,7 +1422,21 @@
     differing sizes.
     [Richard Levitte]

- Changes between 0.9.7k and 0.9.7l  [xx XXX xxxx]
+ Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]

  *) Change ciphersuite string processing so that an explicit
     ciphersuite selects this one ciphersuite (so that "AES256-SHA"

--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:

      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
@@ -99,6 +105,11 @@
      o Added initial support for Win64.
      o Added alternate pkg-config files.

+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:

      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339