Fix a memory leak in ecdh/ecdsa_check.

[openssl.git] / NEWS

diff --git a/NEWS b/NEWS
index d750fb57b158e68ee36d8a9a7c241ad460fa9ecb..2d865f2d8c49c03a916c39fe38526746bbb223b6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,20 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development]
+  Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [under development]
 
       o
 
+  Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
+
+      o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
+  Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
+
+      o Truncated packet could crash via OOB read (CVE-2017-3731)
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
   Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
 
       o Missing CRL sanity check (CVE-2016-7052)