projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update CHANGES and NEWS for the new release
[openssl.git] / NEWS
diff --git a/NEWS b/NEWS
index 49f4fdd398bed6011b4f90713836a5e42b89843d..c8159993e9e8545baa56e0237d4234770fad4367 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,18 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [under development]
+  Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development]
+
+      o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Document issue with installation paths in diverse Windows builds
+        (CVE-2019-1552)
+
+  Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
 
       o 0-byte record padding oracle (CVE-2019-1559)
 
Unnamed repository; edit this file 'description' to name the repository.