diff options
author | Matt Caswell <matt@openssl.org> | 2019-09-10 10:26:07 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-09-10 10:55:08 +0100 |
commit | 8bf7d77f33263c81b8e293347edc9a6e43f24d0e (patch) | |
tree | 81cbb2cdf31f097541310209f9a9e22c9be090ce /CHANGES | |
parent | 66fd724daa89996bb775ab8911479c11143b44df (diff) |
Update CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9843)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -9,6 +9,18 @@ Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] + *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations + where an attacker receives automated notification of the success or failure + of a decryption attempt an attacker, after sending a very large number of + messages to be decrypted, can recover a CMS/PKCS7 transported encryption + key or decrypt any RSA encrypted message that was encrypted with the public + RSA key, using a Bleichenbacher padding oracle attack. Applications are not + affected if they use a certificate together with the private RSA key to the + CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info + to decrypt. + (CVE-2019-1563) + [Bernd Edlinger] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ |