Update CHANGES and NEWS for the new release (245daa2b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+12 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,18 @@

		Changes between 1.0.1o and 1.0.1p [xx XXX xxxx]

		*)
		*) Alternate chains certificate forgery

		During certificate verfification, OpenSSL will attempt to find an
		alternative certificate chain if the first attempt to build such a chain
		fails. An error in the implementation of this logic can mean that an
		attacker could cause certain checks on untrusted certificates to be
		bypassed, such as the CA flag, enabling them to use a valid leaf
		certificate to act as a CA and "issue" an invalid certificate.

		This issue was reported to OpenSSL by Adam Langley/David Benjamin
		(Google/BoringSSL).
		[Matt Caswell]

		Changes between 1.0.1n and 1.0.1o [12 Jun 2015]

+1 −1

Original line number	Diff line number	Diff line
		@@ -7,7 +7,7 @@

		Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [under development]

		o
		o Alternate chains certificate forgery (CVE-2015-1793)

		Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]