From 35aede1cd7411aa404512facfcb22e3859966ef6 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 21 Sep 2016 21:59:49 +0100
Subject: Updates CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 NEWS | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 1d59f3e4d9..ddd43a7fd7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,17 @@
 
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [under development]
 
-      o
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SWEET32 Mitigation (CVE-2016-2183)
+      o OOB write in MDC2_Update() (CVE-2016-6303)
+      o Malformed SHA512 ticket DoS (CVE-2016-6302)
+      o OOB write in BN_bn2dec() (CVE-2016-2182)
+      o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
+      o Pointer arithmetic undefined behaviour (CVE-2016-2177)
+      o Constant time flag not preserved in DSA signing (CVE-2016-2178)
+      o DTLS buffered message DoS (CVE-2016-2179)
+      o DTLS replay protection DoS (CVE-2016-2181)
+      o Certificate message OOB reads (CVE-2016-6306)
 
   Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
 
-- 
cgit v1.2.3