[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
-### Changes between 3.0.3 and 3.0.4 [xx XXX xxxx]
+### Changes between 3.0.5 and 3.0.6 [xx XXX xxxx]
+
+ * none yet
+
+### Changes between 3.0.4 and 3.0.5 [5 Jul 2022]
+
+ * The OpenSSL 3.0.4 release introduced a serious bug in the RSA
+ implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
+ This issue makes the RSA implementation with 2048 bit private keys
+ incorrect on such machines and memory corruption will happen during
+ the computation. As a consequence of the memory corruption an attacker
+ may be able to trigger a remote code execution on the machine performing
+ the computation.
+
+ SSL/TLS servers or other servers using 2048 bit RSA private keys running
+ on machines supporting AVX512IFMA instructions of the X86_64 architecture
+ are affected by this issue.
+ ([CVE-2022-2274])
+
+ *Xi Ruoyao*
+
+ * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+ implementation would not encrypt the entirety of the data under some
+ circumstances. This could reveal sixteen bytes of data that was
+ preexisting in the memory that wasn't written. In the special case of
+ "in place" encryption, sixteen bytes of the plaintext would be revealed.
+
+ Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+ they are both unaffected.
+ ([CVE-2022-2097])
+
+ *Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño*
+
+### Changes between 3.0.3 and 3.0.4 [21 Jun 2022]
+
+ * In addition to the c_rehash shell command injection identified in
+ CVE-2022-1292, further bugs where the c_rehash script does not
+ properly sanitise shell metacharacters to prevent command injection have been
+ fixed.
+
+ When the CVE-2022-1292 was fixed it was not discovered that there
+ are other places in the script where the file names of certificates
+ being hashed were possibly passed to a command executed through the shell.
+
+ This script is distributed by some operating systems in a manner where
+ it is automatically executed. On such operating systems, an attacker
+ could execute arbitrary commands with the privileges of the script.
+
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ (CVE-2022-2068)
+
+ *Daniel Fiala, Tomáš Mráz*
* Case insensitive string comparison no longer uses locales. It has instead
been directly implemented.
<!-- Links -->
+[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
+[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563