Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-16 09:51:56 +00:00 · 2017-02-16 09:51:56 +00:00 · d4da1bb5ab
parent 2c55b28a34
commit d4da1bb5ab
2 changed files with 19 additions and 2 deletions
--- a/15
+++ b/15
@ -2,7 +2,7 @@
 OpenSSL CHANGES
 _______________

- Changes between 1.1.0a and 1.1.1 [xx XXX xxxx]
+ Changes between 1.1.0e and 1.1.1 [xx XXX xxxx]

  *) Add support for SipHash
     [Todd Short]
@ -24,6 +24,19 @@
  *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
     [Emilia Käsper]

+ Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
+
+  *) Encrypt-Then-Mac renegotiation crash
+
+     During a renegotiation handshake if the Encrypt-Then-Mac extension is
+     negotiated where it was not in the original handshake (or vice-versa) then
+     this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
+     and servers are affected.
+
+     This issue was reported to OpenSSL by Joe Orton (Red Hat).
+     (CVE-2017-3733)
+     [Matt Caswell]
+
 Changes between 1.1.0c and 1.1.0d [26 Jan 2017]

  *) Truncated packet could crash via OOB read
--- a/6
+++ b/6
@ -5,10 +5,14 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.1 [under development]
+  Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.1 [under development]

      o

+  Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
+
+      o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
+
  Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]

      o Truncated packet could crash via OOB read (CVE-2017-3731)