diff options
author | jkim <jkim@FreeBSD.org> | 2016-03-01 22:08:28 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2016-03-01 22:08:28 +0000 |
commit | de2249f81ccf8ad3eac972b7558a16a3bab99325 (patch) | |
tree | dd0f91775301f47811f2b56ba60043ebdf64aea9 /crypto/openssl/NEWS | |
parent | 0e774f6016f1dfb6a8f55462cc815c3b4da580b2 (diff) | |
parent | 72d32bf80dfdcfe0e69da200b66f195e919653f7 (diff) | |
download | FreeBSD-src-de2249f81ccf8ad3eac972b7558a16a3bab99325.zip FreeBSD-src-de2249f81ccf8ad3eac972b7558a16a3bab99325.tar.gz |
Merge OpenSSL 1.0.2g.
Relnotes: yes
Diffstat (limited to 'crypto/openssl/NEWS')
-rw-r--r-- | crypto/openssl/NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 06c7702..33242c8 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) + Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] o DH small subgroups (CVE-2016-0701) |