FuzzerInitialize always exists

[openssl.git] / NEWS

diff --git a/NEWS b/NEWS
index 82d1cb18b911c11b0dcf5b58dddd4a3638576b4b..e88c5f470b8a0d9db58b9ee24f7a20be52834af0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@
 
   Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
 
+      o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+      o CMS Null dereference (CVE-2016-7053)
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
       o Fix Use After Free for large message sizes (CVE-2016-6309)
 
   Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]