Loading CHANGES +29 −3 Original line number Diff line number Diff line Loading @@ -146,7 +146,7 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0c and 1.0.1 [xx XXX xxxx] Changes between 1.0.0d and 1.0.1 [xx XXX xxxx] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] Loading Loading @@ -185,7 +185,10 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0c and 1.0.0d [xx XXX xxxx] Changes between 1.0.0c and 1.0.0d [8 Feb 2011] *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is Loading Loading @@ -1062,11 +1065,34 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] Changes between 0.9.8q and 0.9.8r [8 Feb 2011] *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is ambiguous. [Steve Henson] Changes between 0.9.8p and 0.9.8q [2 Dec 2010] *) Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. Thanks to Martin Rex for discovering this bug. CVE-2010-4180 [Steve Henson] *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie] Changes between 0.9.8o and 0.9.8p [16 Nov 2010] *) Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can be shared by multiple threads. CVE-2010-3864 [Steve Henson] *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 [Steve Henson] Loading Loading
CHANGES +29 −3 Original line number Diff line number Diff line Loading @@ -146,7 +146,7 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0c and 1.0.1 [xx XXX xxxx] Changes between 1.0.0d and 1.0.1 [xx XXX xxxx] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] Loading Loading @@ -185,7 +185,10 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0c and 1.0.0d [xx XXX xxxx] Changes between 1.0.0c and 1.0.0d [8 Feb 2011] *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is Loading Loading @@ -1062,11 +1065,34 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] Changes between 0.9.8q and 0.9.8r [8 Feb 2011] *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is ambiguous. [Steve Henson] Changes between 0.9.8p and 0.9.8q [2 Dec 2010] *) Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. Thanks to Martin Rex for discovering this bug. CVE-2010-4180 [Steve Henson] *) Fixed J-PAKE implementation error, originally discovered by Sebastien Martini, further info and confirmation from Stefan Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 [Ben Laurie] Changes between 0.9.8o and 0.9.8p [16 Nov 2010] *) Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can be shared by multiple threads. CVE-2010-3864 [Steve Henson] *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 [Steve Henson] Loading
