Commit 548cce63 authored by Matt Caswell's avatar Matt Caswell
Browse files

Update CHANGES and NEWS for new release 



Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarNicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7667)
parent d88ff896

CHANGES

+10 −0
Original line number Diff line number Diff line
@@ -22,6 +22,16 @@ 
     (CVE-2018-5407)

     [Billy Brumley]



  *) Timing vulnerability in DSA signature generation



     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a

     timing side channel attack. An attacker could use variations in the signing

     algorithm to recover the private key.



     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.

     (CVE-2018-0734)

     [Paul Dale]



  *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object

     Module, accidentally introduced while backporting security fixes from the

     development branch and hindering the use of ECC in FIPS mode.

NEWS

+2 −1
Original line number Diff line number Diff line
@@ -7,7 +7,8 @@ 


  Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [under development]



      o

      o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)

      o Timing vulnerability in DSA signature generation (CVE-2018-0734)



  Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]