aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/security.rst2
-rw-r--r--news.rst8
2 files changed, 9 insertions, 1 deletions
diff --git a/doc/security.rst b/doc/security.rst
index 151c279f6..a2dc6f248 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -21,7 +21,7 @@ Advisories
2016
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* 2016-11-27 (CVE-2016-xxxx) Integer overflow in BER decoder
+* 2016-11-27 (CVE-2016-9132) Integer overflow in BER decoder
While decoding BER length fields, an integer overflow could occur. This could
occur while parsing untrusted inputs such as X.509 certificates. The overflow
diff --git a/news.rst b/news.rst
index a02ba7387..dee2add96 100644
--- a/news.rst
+++ b/news.rst
@@ -4,6 +4,10 @@ Release Notes
Version 1.11.34, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* Fix integer overflow during BER decoding, found by Falko Strenzke.
+ This bug is not thought to be directly exploitable but upgrading ASAP
+ is advised. (CVE-2016-9132)
+
* Add post-quantum signature scheme XMSS. Provides either 128 or 256 bit
(post-quantum) security, with small public and private keys, fast
verification, and reasonably small signatures (2500 bytes for 128-bit
@@ -17,6 +21,8 @@ Version 1.11.34, Not Yet Released
ECDH and NewHope to provide post-quantum security. The ciphersuites are not
IETF standard, but is compatible with BoringSSL. (GH #729)
+* Add support for client-side OCSP stapling to TLS. (GH #738)
+
* Previously both public and private keys performed automatic self testing after
generation or loading. However this often caused unexpected application
performance problems, and so has been removed. Instead applications must call
@@ -100,6 +106,8 @@ Version 1.11.34, Not Yet Released
* Allow a custom ECC curve to be specified at build time, for application or
system specific curves. (GH #636 #710)
+* Use NOMINMAX on Windows to avoid problems in amalgamation build. (GH #740)
+
* Add support to output bakefiles with new `configure.py` option `--with-bakefile`.
(GH #360 #720)