Codebase list openssl / b621f60
Update CHANGES and NEWS for the new release Reviewed-by: Richard Levitte <levitte@openssl.org> Matt Caswell 6 years ago
2 changed file(s) with 14 addition(s) and 2 deletion(s). Raw diff Collapse all Expand all
+12
-1
CHANGES less more
88
99 Changes between 1.0.2n and 1.0.2o [xx XXX xxxx]
1010
11 *)
11 *) Constructed ASN.1 types with a recursive definition could exceed the stack
12
13 Constructed ASN.1 types with a recursive definition (such as can be found
14 in PKCS7) could eventually exceed the stack given malicious input with
15 excessive recursion. This could result in a Denial Of Service attack. There
16 are no such structures used within SSL/TLS that come from untrusted sources
17 so this is considered safe.
18
19 This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
20 project.
21 (CVE-2018-0739)
22 [Matt Caswell]
1223
1324 Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
1425
+2
-1
NEWS less more
66
77 Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [under development]
88
9 o
9 o Constructed ASN.1 types with a recursive definition could exceed the
10 stack (CVE-2018-0739)
1011
1112 Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
1213