id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
5644	openssl-3.4.1	Bruce Dubbs	lfs-book	"New point version with security updates.

Changes between 3.4.0 and 3.4.1 [11 Feb 2025]

* Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected.
  ([CVE-2024-12797])
   
* Fixed timing side-channel in ECDSA signature computation.
  ([CVE-2024-13176])

 * Reverted the behavior change of CMS_get1_certs() and CMS_get1_crls()
   that happened in the 3.4.0 release. These functions now return NULL
   again if there are no certs or crls in the CMS object.

"	enhancement	closed	high	12.3	Book	git	normal	fixed