-
Wed Feb 24 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51.4
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn
-
Tue Feb 16 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51.3
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method
-
Mon Dec 21 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51.2
- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2
-
Fri Dec 04 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51.1
- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint
-
Tue Jun 23 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-51
- fix the CVE-2015-1791 fix (broken server side renegotiation)
-
Thu Jun 11 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-50
- improved fix for CVE-2015-1791
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable
-
Tue Jun 09 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-49
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
-
Wed Jun 03 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-48
- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on
read in multithreaded applications
-
Mon May 25 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-47
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
the DH key size to at least 768 bits (limit will be increased in future)
-
Wed Mar 25 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-46
- drop the AES-GCM restriction of 2^32 operations because the IV is
always 96 bits (32 bit fixed field + 64 bit invocation field)