projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update CHANGES and NEWS for the new release
[openssl.git] / NEWS
diff --git a/NEWS b/NEWS
index 4bff4ae96a08e158ae9c9bbf4ce68a183eb2d7f4..c8159993e9e8545baa56e0237d4234770fad4367 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,14 @@
 
   Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development]
 
-      o
+      o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Document issue with installation paths in diverse Windows builds
+        (CVE-2019-1552)
 
   Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
 
Unnamed repository; edit this file 'description' to name the repository.