Loading CHANGES +1 −12 Original line number Original line Diff line number Diff line Loading @@ -24,18 +24,6 @@ (CVE-2019-1549) (CVE-2019-1549) [Matthias St. Pierre] [Matthias St. Pierre] *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. (CVE-2019-1563) [Bernd Edlinger] *) For built-in EC curves, ensure an EC_GROUP built from the curve name is *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ or calling `EC_GROUP_new_from_ecpkparameters()`/ Loading Loading @@ -66,6 +54,7 @@ certifiate is not given and all recipientInfo are tried out. certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. CMS_DEBUG_DECRYPT flag. (CVE-2019-1563) [Bernd Edlinger] [Bernd Edlinger] *) Early start up entropy quality from the DEVRANDOM seed source has been *) Early start up entropy quality from the DEVRANDOM seed source has been Loading NEWS +1 −1 Original line number Original line Diff line number Diff line Loading 
@@ -8,7 +8,7 @@ Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development] Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development] o Fixed a fork protection issue (CVE-2019-1549) o Fixed a fork protection issue (CVE-2019-1549) o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) (CVE-2019-1563) o For built-in EC curves, ensure an EC_GROUP built from the curve name is o For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters used even when parsing explicit parameters Loading Loading
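Review bot: the CHANGES hunk at @@ -24,18 +24,6 @@ drops the only text that tells users how to avoid the oracle (pass the recipient certificate together with the private RSA key to CMS_decrypt()/PKCS7_decrypt() so the correct recipientInfo is selected) and what an attacker with a success/failure signal can recover; the entry that survives further down only describes the recipientInfo trial behaviour and the CMS_DEBUG_DECRYPT flag. Suggest keeping at least the mitigation sentence, "Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.", in the entry that now carries the CVE reference.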
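Review bot: in the CHANGES hunk at @@ -66,6 +54,7 @@ the entry that gains the "(CVE-2019-1563)" line still reads "certifiate is not given" in its unchanged context; since this change touches the entry, fix the spelling to "certificate". It would also help to say that setting CMS_DEBUG_DECRYPT restores the behaviour that exposes the padding oracle, so the flag is not read as a harmless debugging option.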
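Review bot: the NEWS hunk at @@ -8,7 +8,7 @@ now names PKCS7_dataDecode and CMS_decrypt_set1_pkey, while the CHANGES text for the same CVE (the entry removed in the first CHANGES hunk) named PKCS7_decrypt() and CMS_decrypt(); pick one set of function names for both files and use the "()" style of the surrounding entries, e.g. "o Fixed a padding oracle in PKCS7_dataDecode() and CMS_decrypt_set1_pkey()".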