diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2016-03-01 17:57:01 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2016-03-01 17:57:01 +0000 |
| commit | 9aeed18ad799c20d3accf6e1535817538dc983f6 (patch) | |
| tree | 37a4bb1290ee86a2b4ce070f139b2379ee747425 /NEWS | |
| parent | c188d4cade9cba451816aef2371942bea4ff837f (diff) | |
| download | src-9aeed18ad799c20d3accf6e1535817538dc983f6.tar.gz src-9aeed18ad799c20d3accf6e1535817538dc983f6.zip | |
Import OpenSSL 1.0.2g.vendor/openssl/1.0.2g
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=296273
svn path=/vendor-crypto/openssl/1.0.2g/; revision=296274; tag=vendor/openssl/1.0.2g
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) + Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) |