2.1.7 security updatev2.1.7

author: Brent Cook <bcook@openbsd.org> 2015-06-11 09:00:29 -0500
committer: Brent Cook <bcook@openbsd.org> 2015-06-11 09:00:29 -0500
commit: ce063e4989a7f9b895e663e649df14b1d8433121 (patch)
tree: b9a1839cff73ae5daefdbadd8f8754ace1dcb0d7
parent: 89c5dc6bcfb96c830f66052ab8c6959f0d16c6e9 (diff)
download: portable-2.1.7.tar.gz
portable-2.1.7.tar.bz2
portable-2.1.7.zip
2 files changed, 17 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 7c1bb29..d5c23fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,6 +31,22 @@ LibreSSL Portable Release Notes:
 This release primarily addresses a number of security issues in coordination
 with the OpenSSL project.
+2.1.7 - Security Update
+        * Fixes for the following issues are integrated into LibreSSL 2.1.7:
+         - CVE-2015-1788 - Malformed ECParameters causes infinite loop
+         - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
+         - CVE-2015-1792 - CMS verify infinite loop with unknown hash function
+        * The following CVEs did not apply to LibreSSL or were fixed in
+          earlier releases:
+         - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
+         - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
+         - CVE-2014-8176 - Invalid free in DTLS
+        * Fixes for the following CVEs are still in review for LibreSSL
+         - CVE-2015-1791 - Race condition handling NewSessionTicket
 2.1.6 - Security update
        * Fixes for the following issues are integrated into LibreSSL 2.1.6:
diff --git a/VERSION b/VERSION
index 399088b..04b10b4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1.6
+2.1.7
author	Brent Cook <bcook@openbsd.org>	2015-06-11 09:00:29 -0500
committer	Brent Cook <bcook@openbsd.org>	2015-06-11 09:00:29 -0500
commit	ce063e4989a7f9b895e663e649df14b1d8433121 (patch)
tree	b9a1839cff73ae5daefdbadd8f8754ace1dcb0d7
parent	89c5dc6bcfb96c830f66052ab8c6959f0d16c6e9 (diff)
download	portable-2.1.7.tar.gz portable-2.1.7.tar.bz2 portable-2.1.7.zip

diff --git a/ChangeLog b/ChangeLog index 7c1bb29..d5c23fc 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -31,6 +31,22 @@ LibreSSL Portable Release Notes:
31	This release primarily addresses a number of security issues in coordination	31	This release primarily addresses a number of security issues in coordination
32	with the OpenSSL project.	32	with the OpenSSL project.
33		33
		34	2.1.7 - Security Update
		35
		36	* Fixes for the following issues are integrated into LibreSSL 2.1.7:
		37	- CVE-2015-1788 - Malformed ECParameters causes infinite loop
		38	- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
		39	- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
		40
		41	* The following CVEs did not apply to LibreSSL or were fixed in
		42	earlier releases:
		43	- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
		44	- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
		45	- CVE-2014-8176 - Invalid free in DTLS
		46
		47	* Fixes for the following CVEs are still in review for LibreSSL
		48	- CVE-2015-1791 - Race condition handling NewSessionTicket
		49
34	2.1.6 - Security update	50	2.1.6 - Security update
35		51
36	* Fixes for the following issues are integrated into LibreSSL 2.1.6:	52	* Fixes for the following issues are integrated into LibreSSL 2.1.6:


diff --git a/VERSION b/VERSION index 399088b..04b10b4 100644 --- a/VERSION +++ b/VERSION
@@ -1 +1 @@
	2.1.6		2.1.7