Updates CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-09-21 21:59:49 +0100
committer: Matt Caswell <matt@openssl.org> 2016-09-22 09:22:05 +0100
commit: 35aede1cd7411aa404512facfcb22e3859966ef6 (patch)
tree: ce9d7c0a1c2353553de783fa77d66a25bfd79d99 /NEWS
parent: 92c8d6ae0d741fdca3b72baf627d16908dae64ce (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 1d59f3e4d9..ddd43a7fd7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,17 @@
 
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [under development]
 
-      o
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SWEET32 Mitigation (CVE-2016-2183)
+      o OOB write in MDC2_Update() (CVE-2016-6303)
+      o Malformed SHA512 ticket DoS (CVE-2016-6302)
+      o OOB write in BN_bn2dec() (CVE-2016-2182)
+      o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
+      o Pointer arithmetic undefined behaviour (CVE-2016-2177)
+      o Constant time flag not preserved in DSA signing (CVE-2016-2178)
+      o DTLS buffered message DoS (CVE-2016-2179)
+      o DTLS replay protection DoS (CVE-2016-2181)
+      o Certificate message OOB reads (CVE-2016-6306)
 
   Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
author	Matt Caswell <matt@openssl.org>	2016-09-21 21:59:49 +0100
committer	Matt Caswell <matt@openssl.org>	2016-09-22 09:22:05 +0100
commit	35aede1cd7411aa404512facfcb22e3859966ef6 (patch)
tree	ce9d7c0a1c2353553de783fa77d66a25bfd79d99 /NEWS
parent	92c8d6ae0d741fdca3b72baf627d16908dae64ce (diff)