X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=CHANGES;h=6157a1ef0db391fe3d9c34f9810821731064d2ff;hb=e822c756b66024d49ab936bf77b745206660fcd2;hp=b8e18dc1e280ef8aebab36a5f0c811cf9374a4a4;hpb=f830c68f4d205b37ae5e1a0ca732c33b7e8661c6;p=openssl.git

diff --git a/CHANGES b/CHANGES
index b8e18dc1e2..6157a1ef0d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -123,7 +123,7 @@
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.0b and 1.0.1  [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1  [xx XXX xxxx]
 
   *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
      [Steve Henson]
@@ -162,7 +162,14 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
- Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
+ Changes between 1.0.0b and 1.0.0c  [xx XXX xxxx]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
 
   *) Fix extension code to avoid race conditions which can result in a buffer
      overrun vulnerability: resumed sessions must not be modified as they can