Diffstat (limited to 'doc/log.txt')
-rw-r--r-- doc/log.txt 16
1 files changed, 15 insertions, 1 deletions
diff --git a/doc/log.txt b/doc/log.txt
index 14430a3ed..dc744f59c 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -7,10 +7,24 @@ Release Notes
Series 1.10
----------------------------------------
+Version 1.10.12, 2016-02-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* In 1.10.11, the check in PointGFp intended to check the affine y
+ argument actually checked the affine x again. Reported by Remi Gacogne
+
+ The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
+ additional check in the multiplication function itself which was
+ also added in that release, so there are no security implications
+ from the missed check. However to avoid confusion the change was
+ pushed in a new release immediately.
+
+ The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915
+
Version 1.10.11, 2016-02-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-* Resolve heap overflow in ECC point decoding. CVE-2016-2915
+* Resolve heap overflow in ECC point decoding. CVE-2016-2195
* Resolve infinite loop in modular square root algorithm.
CVE-2016-2194
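
Review bot: In the new 1.10.12 entry, the last paragraph ("The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915") is indented under the PointGFp bullet, so it reads as part of that item although it is a separate erratum. Give it its own "*" bullet so that anyone searching the notes for the mistyped CVE-2016-2915 finds the correction as a distinct item. The entry also refers to "The CVE-2016-2195 overflow" without saying that it is the heap overflow in ECC point decoding named in the 1.10.11 entry below; a few words tying the two together would let the 1.10.12 note stand on its own. Minor: "Reported by Remi Gacogne" and the final sentence lack a closing period, and "However to avoid confusion" wants a comma after "However".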