Changeset View
Changeset View
Standalone View
Standalone View
NEWS.md
Context not available. | |||||
OpenSSL 3.0 | OpenSSL 3.0 | ||||
----------- | ----------- | ||||
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023] | |||||
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT | |||||
IDENTIFIER sub-identities. ([CVE-2023-2650]) | |||||
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms | |||||
([CVE-2023-1255]) | |||||
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466]) | |||||
* Fixed handling of invalid certificate policies in leaf certificates | |||||
([CVE-2023-0465]) | |||||
* Limited the number of nodes created in a policy tree ([CVE-2023-0464]) | |||||
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] | ### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] | ||||
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) | * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) | ||||
Context not available. | |||||
* Support for various new platforms | * Support for various new platforms | ||||
<!-- Links --> | <!-- Links --> | ||||
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 | |||||
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 | |||||
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 | |||||
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 | |||||
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 | |||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 | [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 | ||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 | [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 | ||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 | [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 | ||||
Context not available. | |||||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 | [CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 | ||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 | [CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 | ||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | ||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 | ||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 | [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 | ||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 | [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 | ||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 | [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 | ||||
Context not available. |