Commit bd869183 authored by Bodo Möller

for completeness, include 0.9.7l information

parent 7e2bf831
+15 −1
@@ -1008,7 +1008,21 @@
     differing sizes.
     [Richard Levitte]

 Changes between 0.9.7k and 0.9.7l  [xx XXX xxxx]
 Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]

  *) Introduce limits to prevent malicious keys being able to
     cause a denial of service.  (CVE-2006-2940)
     [Steve Henson, Bodo Moeller]

  *) Fix ASN.1 parsing of certain invalid structures that can result
     in a denial of service.  (CVE-2006-2937)  [Steve Henson]

  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

  *) Fix SSL client code which could crash if connecting to a
     malicious SSLv2 server.  (CVE-2006-4343)
     [Tavis Ormandy and Will Drewry, Google Security Team]

  *) Change ciphersuite string processing so that an explicit
     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
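
Review bot: the CVE-2006-2940 entry says "Introduce limits" without naming what is limited or what the limit values are, so a reader of CHANGES cannot tell whether keys they already accept will now be rejected. Please state which parameters are bounded and where the bounds are defined. Two smaller style points in the same hunk: the line ending "SSL_get_shared_ciphers() function." carries a trailing space, and the CVE-2006-2937 entry puts its attribution on the same line as the CVE id while the other 0.9.7l entries with a multi-name credit put it on its own line.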
+5 −0
@@ -105,6 +105,11 @@
      o Added initial support for Win64.
      o Added alternate pkg-config files.

  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:

      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)

  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:

      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
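
Review bot: the "Fix security issues" bullet lists CVE-2006-3737, but the CHANGES hunk in this same commit files the SSL_get_shared_ciphers() buffer overflow under CVE-2006-3738, and no entry there mentions 3737. The two files should carry the same identifier; this looks like a typo in NEWS, so it should read "CVE-2006-2937, CVE-2006-3738, CVE-2006-4343". Anyone matching advisories against NEWS by CVE id would otherwise miss the fix.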