update changelog for 2.1.6

author: Brent Cook <bcook@openbsd.org> 2015-03-19 00:50:36 -0500
committer: Brent Cook <bcook@openbsd.org> 2015-03-19 09:27:31 -0500
commit: df0c0cd146ec4ba7b68e7735766bf0b62af993f4 (patch)
tree: 834701b18dfde1115e87c8ae5c8d362ddb80ccb0 /ChangeLog
parent: dd646a3302e66f351111f3fe94d147269ca149fb (diff)
download: portable-df0c0cd146ec4ba7b68e7735766bf0b62af993f4.tar.gz
portable-df0c0cd146ec4ba7b68e7735766bf0b62af993f4.tar.bz2
portable-df0c0cd146ec4ba7b68e7735766bf0b62af993f4.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 62bcab9..7c1bb29 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,25 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+This release primarily addresses a number of security issues in coordination
+with the OpenSSL project.
+2.1.6 - Security update
+        * Fixes for the following issues are integrated into LibreSSL 2.1.6:
+          - CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
+          - CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
+          - CVE-2015-0287 - ASN.1 structure reuse memory corruption
+          - CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
+          - CVE-2015-0289 - PKCS7 NULL pointer dereferences
+        * The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
+          is integrated for safety, but LibreSSL is not vulnerable.
+        * Libtls is now built by default. The --enable-libtls
+          configuration option is no longer required.
+          The libtls API is now stable for the 2.1.x series.
 2.1.5 - Bug fixes and a security update
        * Fix incorrect comparison function in openssl(1) certhash command.
          Thanks to Christian Neukirchen / Void Linux.
author	Brent Cook <bcook@openbsd.org>	2015-03-19 00:50:36 -0500
committer	Brent Cook <bcook@openbsd.org>	2015-03-19 09:27:31 -0500
commit	df0c0cd146ec4ba7b68e7735766bf0b62af993f4 (patch)
tree	834701b18dfde1115e87c8ae5c8d362ddb80ccb0 /ChangeLog
parent	dd646a3302e66f351111f3fe94d147269ca149fb (diff)
download	portable-df0c0cd146ec4ba7b68e7735766bf0b62af993f4.tar.gz portable-df0c0cd146ec4ba7b68e7735766bf0b62af993f4.tar.bz2 portable-df0c0cd146ec4ba7b68e7735766bf0b62af993f4.zip

diff --git a/ChangeLog b/ChangeLog index 62bcab9..7c1bb29 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,25 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	This release primarily addresses a number of security issues in coordination
		32	with the OpenSSL project.
		33
		34	2.1.6 - Security update
		35
		36	* Fixes for the following issues are integrated into LibreSSL 2.1.6:
		37	- CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
		38	- CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
		39	- CVE-2015-0287 - ASN.1 structure reuse memory corruption
		40	- CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
		41	- CVE-2015-0289 - PKCS7 NULL pointer dereferences
		42
		43	* The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
		44	is integrated for safety, but LibreSSL is not vulnerable.
		45
		46	* Libtls is now built by default. The --enable-libtls
		47	configuration option is no longer required.
		48	The libtls API is now stable for the 2.1.x series.
		49
31	2.1.5 - Bug fixes and a security update	50	2.1.5 - Bug fixes and a security update
32	* Fix incorrect comparison function in openssl(1) certhash command.	51	* Fix incorrect comparison function in openssl(1) certhash command.
33	Thanks to Christian Neukirchen / Void Linux.	52	Thanks to Christian Neukirchen / Void Linux.