diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-12-03 17:25:26 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-12-03 17:25:26 +0000 |
| commit | 145e3a85931a836f8dccec73e02594f7255abcfd (patch) | |
| tree | 03b95bb4075b5bfadd5b0dabf3c4233035d6b774 /CHANGES | |
| parent | d7a2d00e5375699d95f3720a7b779ded3c805b5f (diff) | |
Notes
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -2,6 +2,20 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] *) Malformed ECParameters causes infinite loop |