diff options
-rw-r--r-- | doc/security.rst | 2 | ||||
-rw-r--r-- | news.rst | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/doc/security.rst b/doc/security.rst index 151c279f6..a2dc6f248 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -21,7 +21,7 @@ Advisories 2016 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* 2016-11-27 (CVE-2016-xxxx) Integer overflow in BER decoder +* 2016-11-27 (CVE-2016-9132) Integer overflow in BER decoder While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow @@ -4,6 +4,10 @@ Release Notes Version 1.11.34, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Fix integer overflow during BER decoding, found by Falko Strenzke. + This bug is not thought to be directly exploitable but upgrading ASAP + is advised. (CVE-2016-9132) + * Add post-quantum signature scheme XMSS. Provides either 128 or 256 bit (post-quantum) security, with small public and private keys, fast verification, and reasonably small signatures (2500 bytes for 128-bit @@ -17,6 +21,8 @@ Version 1.11.34, Not Yet Released ECDH and NewHope to provide post-quantum security. The ciphersuites are not IETF standard, but is compatible with BoringSSL. (GH #729) +* Add support for client-side OCSP stapling to TLS. (GH #738) + * Previously both public and private keys performed automatic self testing after generation or loading. However this often caused unexpected application performance problems, and so has been removed. Instead applications must call @@ -100,6 +106,8 @@ Version 1.11.34, Not Yet Released * Allow a custom ECC curve to be specified at build time, for application or system specific curves. (GH #636 #710) +* Use NOMINMAX on Windows to avoid problems in amalgamation build. (GH #740) + * Add support to output bakefiles with new `configure.py` option `--with-bakefile`. (GH #360 #720) |