Update CHANGES and NEWS for the new release (b621f604) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+12 −1

Original line number	Diff line number	Diff line
		@@ -9,7 +9,18 @@

		Changes between 1.0.2n and 1.0.2o [xx XXX xxxx]

		*)
		*) Constructed ASN.1 types with a recursive definition could exceed the stack

		Constructed ASN.1 types with a recursive definition (such as can be found
		in PKCS7) could eventually exceed the stack given malicious input with
		excessive recursion. This could result in a Denial Of Service attack. There
		are no such structures used within SSL/TLS that come from untrusted sources
		so this is considered safe.

		This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
		project.
		(CVE-2018-0739)
		[Matt Caswell]

		Changes between 1.0.2m and 1.0.2n [7 Dec 2017]

+2 −1

Original line number	Diff line number	Diff line
		@@ -7,7 +7,8 @@

		Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [under development]

		o
		o Constructed ASN.1 types with a recursive definition could exceed the
		stack (CVE-2018-0739)

		Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]