Update CHANGES and NEWS for the new release

Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9841)
author: Matt Caswell <matt@openssl.org> 2019-09-10 10:26:07 +0100
committer: Matt Caswell <matt@openssl.org> 2019-09-10 10:51:54 +0100
commit: 7ff84d88036237dc36f4c2cf2dc814e4bf611084 (patch)
tree: e3020ecbcc9e1680fa9a3804383ff1d10818a179 /NEWS
parent: 79f5e2f4b9d9886d1b0da09c2eb3e397bcf82876 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index f6264bf6b7..22be168091 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,20 @@
 
   Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development]
 
-      o
+      o Fixed a fork protection issue (CVE-2019-1549)
+      o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Early start up entropy quality from the DEVRANDOM seed source has been
+        improved for older Linux systems
+      o Correct the extended master secret constant on EBCDIC systems
+      o Use Windows installation paths in the mingw builds (CVE-2019-1552)
+      o Changed DH_check to accept parameters with order q and 2q subgroups
+      o Significantly reduce secure memory usage by the randomness pools
+      o Revert the DEVRANDOM_WAIT feature for Linux systems
 
   Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
author	Matt Caswell <matt@openssl.org>	2019-09-10 10:26:07 +0100
committer	Matt Caswell <matt@openssl.org>	2019-09-10 10:51:54 +0100
commit	7ff84d88036237dc36f4c2cf2dc814e4bf611084 (patch)
tree	e3020ecbcc9e1680fa9a3804383ff1d10818a179 /NEWS
parent	79f5e2f4b9d9886d1b0da09c2eb3e397bcf82876 (diff)