X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=3e91a0899eb4a75bc5aeb798ae83fe8ca0543de9;hp=8b817e35f260c1d7704022c9eaccc57c5043b679;hb=01b76c2c5d4d786cfcb3cc048d9c0c47229a0aa0;hpb=536454e53bd8ae6a9025e47a7706fa42d9dbfc2f

diff --git a/CHANGES b/CHANGES
index 8b817e35f2..3e91a0899e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,10 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.1.0a and 1.1.1 [xx XXX xxxx]
+ Changes between 1.1.0e and 1.1.1 [xx XXX xxxx]
+
+  *) Add support for SipHash
+     [Todd Short]
 
   *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
      or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
@@ -21,6 +24,19 @@
   *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
      [Emilia Käsper]
 
+ Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
+
+  *) Encrypt-Then-Mac renegotiation crash
+
+     During a renegotiation handshake if the Encrypt-Then-Mac extension is
+     negotiated where it was not in the original handshake (or vice-versa) then
+     this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
+     and servers are affected.
+
+     This issue was reported to OpenSSL by Joe Orton (Red Hat).
+     (CVE-2017-3733)
+     [Matt Caswell]
+
  Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
 
   *) Truncated packet could crash via OOB read