diff options
Diffstat (limited to 'news.rst')
| -rw-r--r-- | news.rst | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1,9 +1,15 @@ Release Notes ======================================== -Version 2.6.0, Not Yet Released +Version 2.6.0, 2018-04-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could + for a malformed ciphertext cause the decryptor to read and HMAC an + additional 64K bytes of data which is not part of the record. This + could cause a crash if the read went into unmapped memory. No + information leak or out of bounds write occurs. + * Add support for OAEP labels (GH #1508) * RSA signing is about 15% faster (GH #1523) and RSA verification is |