X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=0852bd323c883b9557487fdc2656aaf8058b53c5;hp=9a46c67fcf5072abbe7cc89c30ad5c16e558d985;hb=75a3e39288feeeefde5ed1f96ff9faeba0d2b233;hpb=5105ba5bec773883e86d8c026d1eac1f1c970669 diff --git a/NEWS b/NEWS index 9a46c67fcf..0852bd323c 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,40 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release] + Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.1 [under development] + + o + + Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] + + o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) + + Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] + + o Truncated packet could crash via OOB read (CVE-2017-3731) + o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) + + Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] + + o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054) + o CMS Null dereference (CVE-2016-7053) + o Montgomery multiplication may produce incorrect results (CVE-2016-7055) + + Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] + + o Fix Use After Free for large message sizes (CVE-2016-6309) + + Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] + + o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) + o SSL_peek() hang on empty record (CVE-2016-6305) + o Excessive allocation of memory in tls_get_message_header() + (CVE-2016-6307) + o Excessive allocation of memory in dtls1_preprocess_fragment() + (CVE-2016-6308) + + Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] o Copyright text was shrunk to a boilerplate that points to the license o "shared" builds are now the default when possible