CHANGES (205128) CHANGES (206046)
1
2 OpenSSL CHANGES
3 _______________
4
1
2 OpenSSL CHANGES
3 _______________
4
5 Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
6
7 *) When rejecting SSL/TLS records due to an incorrect version number, never
8 update s->server with a new major version number. As of
9 - OpenSSL 0.9.8m if 'short' is a 16-bit type,
10 - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
11 the previous behavior could result in a read attempt at NULL when
12 receiving specific incorrect SSL/TLS records once record payload
13 protection is active. (CVE-2010-0740)
14 [Bodo Moeller, Adam Langley <agl@chromium.org>]
15
16 *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
17 could be crashed if the relevant tables were not present (e.g. chrooted).
18 [Tomas Hoger <thoger@redhat.com>]
19
5 Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
6
7 *) Always check bn_wexpend() return values for failure. (CVE-2009-3245)
8 [Martin Olsson, Neel Mehta]
9
10 *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
11 accommodate for stack sorting, always a write lock!).
12 [Bodo Moeller]

--- 8478 unchanged lines hidden ---
20 Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
21
22 *) Always check bn_wexpend() return values for failure. (CVE-2009-3245)
23 [Martin Olsson, Neel Mehta]
24
25 *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
26 accommodate for stack sorting, always a write lock!).
27 [Bodo Moeller]

--- 8478 unchanged lines hidden ---
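Review bot: The CVE-2010-0433 entry (new lines 16-18) is too vague to act on and does not match the neighbouring entries. "the relevant tables" does not say which tables are meant, and "could be crashed" does not say what kind of failure occurs or what the code now does instead. The CVE-2010-0740 entry just above it sets the standard: it names the state involved (s->server), the failure (a read attempt at NULL) and the condition that triggers it. Please reword this entry the same way: describe the behaviour change first, name the missing data and the resulting failure, and put the identifier at the end in parentheses as the other entries do, "(CVE-2010-0433)". Also write "Kerberos-enabled". Separately, the unchanged 0.9.8m entry below reads "bn_wexpend()"; the function is bn_wexpand(), so it is worth correcting while this part of the file is being edited.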