Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nodejs/node.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/deps/openssl/openssl/CHANGES
diff options
context:
space:
mode:
Diffstat (limited to 'deps/openssl/openssl/CHANGES')
-rw-r--r--deps/openssl/openssl/CHANGES27
1 files changed, 27 insertions, 0 deletions
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
index 9f0b94743bf..cf76704d15c 100644
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@@ -7,6 +7,33 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.0i and 1.1.0j [20 Nov 2018]
+
+ *) Timing vulnerability in DSA signature generation
+
+ The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+ (CVE-2018-0734)
+ [Paul Dale]
+
+ *) Timing vulnerability in ECDSA signature generation
+
+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+ (CVE-2018-0735)
+ [Paul Dale]
+
+ *) Add coordinate blinding for EC_POINT and implement projective
+ coordinate blinding for generic prime curves as a countermeasure to
+ chosen point SCA attacks.
+ [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
+
Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
*) Client DoS due to large DH parameter
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-25 13:22:28 +0300