===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/68.html,v
retrieving revision 1.89
retrieving revision 1.90
diff -c -r1.89 -r1.90
*** www/68.html 2021/10/08 16:31:36 1.89
--- www/68.html 2023/04/09 07:14:45 1.90
***************
*** 550,556 ****
Bug Fixes
- Fix an off-by-one in the CBC padding removal.
!
- Enforce in the TLSv1.3 server that that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2
- Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
- Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode.
- Fix a longstanding bug in PEM_X509_INFO_read_bio(3) that could cause use-after-free and double-free issues in calling programs.
--- 550,556 ----
- Bug Fixes
- Fix an off-by-one in the CBC padding removal.
!
- Enforce in the TLSv1.3 server that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2
- Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
- Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode.
- Fix a longstanding bug in PEM_X509_INFO_read_bio(3) that could cause use-after-free and double-free issues in calling programs.
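Review bot: the changed entry (the TLSv1.3 ClientHello item marked with "!") still ends at "as per RFC 8446 section 4.1.2" with no full stop, while every neighbouring entry in the context ends with one. Since this revision already touches the line to drop the duplicated "that", add the trailing period in the same change so the list is consistent.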