- 2.5.3 had a typo in the CVE ID (CVE-2121-3606 should be -2021-) - 2.5.5 had windows paths with backslashes, which need to be doubled
(CVE ID typo also reported by "@attritionorg" in Github PR 165) Signed-off-by: Gert Doering <g...@greenie.muc.de> --- Changes.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index b6f98d51..3d484318 100644 --- a/Changes.rst +++ b/Changes.rst @@ -18,8 +18,8 @@ New features - Windows build: use CFG and Spectre mitigations on MSVC builds - bring back OpenSSL config loading to Windows builds. - OpenSSL config is loaded from %installdir%\SSL\openssl.cfg - (typically: c:\program files\openvpn\SSL\openssl.cfg) if it exists. + OpenSSL config is loaded from %installdir%\\SSL\\openssl.cfg + (typically: c:\\program files\\openvpn\\SSL\\openssl.cfg) if it exists. This is important for some hardware tokens which need special OpenSSL config for correct operation. Trac #1296 @@ -102,7 +102,7 @@ Overview of changes in 2.5.3 ============================ Bugfixes -------- -- CVE-2121-3606 +- CVE-2021-3606 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements OpenVPN windows builds could possibly load OpenSSL Config files from -- 2.26.3 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
