add security update notesv2.2.0

author: Brent Cook <bcook@openbsd.org> 2015-06-11 09:02:54 -0500
committer: Brent Cook <bcook@openbsd.org> 2015-06-11 09:02:54 -0500
commit: 351b51613bd7cbb3ad246df3980961cd0e2f5d19 (patch)
tree: 5fb6762d5d0a72f35ffae2463457b72b31c513ff
parent: 04a8eca5d3193d4b103e9791b4c21f8df63bed58 (diff)
download: portable-2.2.0.tar.gz
portable-2.2.0.tar.bz2
portable-2.2.0.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 2893d20..eb50497 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,7 +31,7 @@ LibreSSL Portable Release Notes:
 This release primarily addresses a number of security issues in coordination
 with the OpenSSL project.
-2.2.0 - Build cleanups and OS support
+2.2.0 - Build cleanups and new OS support, Security Updates
        * AIX Support - thanks to Michael Felt
@@ -51,6 +51,20 @@ with the OpenSSL project.
        * Various bug fixes and simplifications to libssl and libcrypto
+        * Fixes for the following issues are integrated into LibreSSL 2.2.0:
+         - CVE-2015-1788 - Malformed ECParameters causes infinite loop
+         - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
+         - CVE-2015-1792 - CMS verify infinite loop with unknown hash function
+        * The following CVEs did not apply to LibreSSL or were fixed in
+          earlier releases:
+         - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
+         - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
+         - CVE-2014-8176 - Invalid free in DTLS
+        * Fixes for the following CVEs are still in review for LibreSSL
+         - CVE-2015-1791 - Race condition handling NewSessionTicket
 2.1.6 - Security update
        * Fixes for the following issues are integrated into LibreSSL 2.1.6:
author	Brent Cook <bcook@openbsd.org>	2015-06-11 09:02:54 -0500
committer	Brent Cook <bcook@openbsd.org>	2015-06-11 09:02:54 -0500
commit	351b51613bd7cbb3ad246df3980961cd0e2f5d19 (patch)
tree	5fb6762d5d0a72f35ffae2463457b72b31c513ff
parent	04a8eca5d3193d4b103e9791b4c21f8df63bed58 (diff)
download	portable-2.2.0.tar.gz portable-2.2.0.tar.bz2 portable-2.2.0.zip

diff --git a/ChangeLog b/ChangeLog index 2893d20..eb50497 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -31,7 +31,7 @@ LibreSSL Portable Release Notes:
31	This release primarily addresses a number of security issues in coordination	31	This release primarily addresses a number of security issues in coordination
32	with the OpenSSL project.	32	with the OpenSSL project.
33		33
34	2.2.0 - Build cleanups and OS support	34	2.2.0 - Build cleanups and new OS support, Security Updates
35		35
36	* AIX Support - thanks to Michael Felt	36	* AIX Support - thanks to Michael Felt
37		37
@@ -51,6 +51,20 @@ with the OpenSSL project.
51		51
52	* Various bug fixes and simplifications to libssl and libcrypto	52	* Various bug fixes and simplifications to libssl and libcrypto
53		53
		54	* Fixes for the following issues are integrated into LibreSSL 2.2.0:
		55	- CVE-2015-1788 - Malformed ECParameters causes infinite loop
		56	- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
		57	- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
		58
		59	* The following CVEs did not apply to LibreSSL or were fixed in
		60	earlier releases:
		61	- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
		62	- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
		63	- CVE-2014-8176 - Invalid free in DTLS
		64
		65	* Fixes for the following CVEs are still in review for LibreSSL
		66	- CVE-2015-1791 - Race condition handling NewSessionTicket
		67
54	2.1.6 - Security update	68	2.1.6 - Security update
55		69
56	* Fixes for the following issues are integrated into LibreSSL 2.1.6:	70	* Fixes for the following issues are integrated into LibreSSL 2.1.6: