[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-cvs
Subject: [CVS] OpenSSL: BRANCH_OpenSSL_0_9_8k: openssl/ CHANGES
From: "Bodo Moeller" <bodo () openssl ! org>
Date: 2009-11-26 18:39:22
Message-ID: 20091126183922.F1D961EAE895 () master ! openssl ! org
[Download RAW message or body]
OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________
Server: cvs.openssl.org Name: Bodo Moeller
Root: /v/openssl/cvs Email: bodo@openssl.org
Module: openssl Date: 26-Nov-2009 19:39:22
Branch: BRANCH_OpenSSL_0_9_8k Handle: 2009112618392100
Modified files: (Branch: BRANCH_OpenSSL_0_9_8k)
openssl CHANGES
Log:
Import corrected CHANGES file from OpenSSL_0_9_8-stable (as far as
applicable for this branch)
Summary:
Revision Changes Path
1.1238.2.145.2.3+4 -13 openssl/CHANGES
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openssl/CHANGES
============================================================================
$ cvs diff -u -r1.1238.2.145.2.2 -r1.1238.2.145.2.3 CHANGES
--- openssl/CHANGES 5 Nov 2009 16:08:52 -0000 1.1238.2.145.2.2
+++ openssl/CHANGES 26 Nov 2009 18:39:21 -0000 1.1238.2.145.2.3
@@ -96,6 +96,10 @@
Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
+ *) Fix NULL pointer dereference if a DTLS server received
+ ChangeCipherSpec as first record (CVE-2009-1386).
+ [PR #1679]
+
*) Fix a state transitition in s3_srvr.c and d1_srvr.c
(was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
[Nagendra Modadugu]
@@ -1499,19 +1503,6 @@
differing sizes.
[Richard Levitte]
- Changes between 0.9.7m and 0.9.7n [xx XXX xxxx]
-
- *) In the SSL/TLS server implementation, be strict about session ID
- context matching (which matters if an application uses a single
- external cache for different purposes). Previously,
- out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
- set. This did ensure strict client verification, but meant that,
- with applications using a single external cache for quite
- different requirements, clients could circumvent ciphersuite
- restrictions for a given session ID context by starting a session
- in a different context.
- [Bodo Moeller]
-
Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
*) Cleanse PEM buffers before freeing them since they may contain
@@ .
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic