From 502bed22a940598bad27555d2b5c5c27a1f2edf1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Jan 2016 13:41:16 +0000
Subject: CHANGES and NEWS updates for release

Add details about the latest issues fixed in the forthcoming release.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 NEWS | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 76f7fde846..5fc6b6c4d7 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,7 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [in pre-release]
+  Major changes between OpenSSL 1.0.2f and OpenSSL 1.1.0 [in pre-release]
 
       o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
       o Support for extended master secret
@@ -33,6 +33,11 @@
         directory location rather than --openssldir.  The latter becomes
         the directory for certs, private key and openssl.cnf exclusively.
 
+  Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+      o DH small subgroups (CVE-2016-0701)
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
   Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
 
       o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
-- 
cgit v1.2.3