From 5ab3f71a33cb0140fc29ae9244cd4f8331c2f3a5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 21 Mar 2023 16:15:47 +0100 Subject: Fix documentation of X509_VERIFY_PARAM_add0_policy() The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/20561) --- NEWS.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'NEWS.md') diff --git a/NEWS.md b/NEWS.md index b1eaab4b8d..ef077a5437 100644 --- a/NEWS.md +++ b/NEWS.md @@ -37,6 +37,7 @@ OpenSSL 3.1 ### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development] + * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466]) * Fixed handling of invalid certificate policies in leaf certificates ([CVE-2023-0465]) * Limited the number of nodes created in a policy tree ([CVE-2023-0464]) @@ -1464,6 +1465,7 @@ OpenSSL 0.9.x * Support for various new platforms +[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 [CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -- cgit v1.2.3