Commit 35c8d0d8 authored by Matt Caswell's avatar Matt Caswell
Browse files

Update CHANGES and NEWS 



Update the CHANGES and NEWS files for the new release.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 2cdafc51

CHANGES

+11 −1
Original line number Diff line number Diff line
@@ -4,7 +4,17 @@ 


 Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx]



  *)

  *) X509_ATTRIBUTE memory leak



     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak

     memory. This structure is used by the PKCS#7 and CMS routines so any

     application which reads PKCS#7 or CMS data from untrusted sources is

     affected. SSL/TLS is not affected.



     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using

     libFuzzer.

     (CVE-2015-3195)

     [Stephen Henson]



 Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]

NEWS

+1 −1
Original line number Diff line number Diff line
@@ -7,7 +7,7 @@ 


  Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development]



      o

      o X509_ATTRIBUTE memory leak (CVE-2015-3195)



  Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]