Update CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell
6 years ago
8 | 8 | |
9 | 9 | Changes between 1.0.2n and 1.0.2o [xx XXX xxxx] |
10 | 10 | |
11 | *) | |
11 | *) Constructed ASN.1 types with a recursive definition could exceed the stack | |
12 | ||
13 | Constructed ASN.1 types with a recursive definition (such as can be found | |
14 | in PKCS7) could eventually exceed the stack given malicious input with | |
15 | excessive recursion. This could result in a Denial Of Service attack. There | |
16 | are no such structures used within SSL/TLS that come from untrusted sources | |
17 | so this is considered safe. | |
18 | ||
19 | This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz | |
20 | project. | |
21 | (CVE-2018-0739) | |
22 | [Matt Caswell] | |
12 | 23 | |
13 | 24 | Changes between 1.0.2m and 1.0.2n [7 Dec 2017] |
14 | 25 |