Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-03-01 11:00:48 +0000
committer: Matt Caswell <matt@openssl.org> 2016-03-01 11:48:43 +0000
commit: 248808c8406c113d00ab45368ab03bfa66411d00 (patch)
tree: 7a3520a5acd0359486b93f796d40d8a983666917 /NEWS
parent: 515f3be47a0b58eec808cf365bc5e8ef6917266b (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 47fba26b82..9ce71c4a9a 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,15 @@
   Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [under development]
 
       o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
-      o Disable SSLv2 default build, default negotiation and weak ciphers.
+      o Disable SSLv2 default build, default negotiation and weak ciphers
+        (CVE-2016-0800)
+      o Fix a double-free in DSA code (CVE-2016-0705)
+      o Disable SRP fake user seed to address a server memory leak
+        (CVE-2016-0798)
+      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+        (CVE-2016-0797)
+      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
 
   Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
author	Matt Caswell <matt@openssl.org>	2016-03-01 11:00:48 +0000
committer	Matt Caswell <matt@openssl.org>	2016-03-01 11:48:43 +0000
commit	248808c8406c113d00ab45368ab03bfa66411d00 (patch)
tree	7a3520a5acd0359486b93f796d40d8a983666917 /NEWS
parent	515f3be47a0b58eec808cf365bc5e8ef6917266b (diff)