Differences
This shows you the differences between the selected revisions of the page.
| 2026-06-10 | 2026-06-12 | ||
| OpenSSL 3.5.7 (martin) | CVE-2026-45447 (martin) | ||
| Line 122: | Line 122: | ||
| * Bug fix: Failure when clicking tab close button while the session is already being closed. [[bug>2416]] | * Bug fix: Failure when clicking tab close button while the session is already being closed. [[bug>2416]] | ||
| - | ===== [[6.5.7]] 6.5.7 (not released yet) ((2026-06-05)) ===== | + | ===== [[6.5.7]] 6.5.7 (not released yet) ((2026-06-12)) ===== |
| * Translations completed: Croatian, Finnish, Georgian, Italian and Serbian. | * Translations completed: Croatian, Finnish, Georgian, Italian and Serbian. | ||
| * TLS/SSL core upgraded to OpenSSL 3.3.7. | * TLS/SSL core upgraded to OpenSSL 3.3.7. | ||
| - | * Back-propagated fix from 6.6.2 beta release: | + | * Back-propagated fixes from 6.6.2 beta release: |
| * Bug fix: Failure setting ''Session.DebugLogPath'' when running in impersonated context. [[bug>2441]] | * Bug fix: Failure setting ''Session.DebugLogPath'' when running in impersonated context. [[bug>2441]] | ||
| * Security issue: fixed a remotely triggerable double-free in RSA key exchange. [[pbug>rsakex-double-free]] | * Security issue: fixed a remotely triggerable double-free in RSA key exchange. [[pbug>rsakex-double-free]] | ||
| * Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. [[pbug>ecdsa-remotely-triggerable-assertion]] | * Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. [[pbug>ecdsa-remotely-triggerable-assertion]] | ||
| + | * Bug fix: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. CVE-2026-45447 fix from OpenSSL 3.4.6. | ||
| ===== [[6.5.6]] 6.5.6 ((2026-03-25)) ===== | ===== [[6.5.6]] 6.5.6 ((2026-03-25)) ===== | ||