X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=c8159993e9e8545baa56e0237d4234770fad4367;hp=4d4e9df3793b08047930b2eb647a869ed9164c3e;hb=8bf7d77f33263c81b8e293347edc9a6e43f24d0e;hpb=bb36ec5f5bc6a34370e821260ad4f620dd16ecec

diff --git a/NEWS b/NEWS
index 4d4e9df379..c8159993e9 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,17 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development]
+
+      o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Document issue with installation paths in diverse Windows builds
+        (CVE-2019-1552)
+
   Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
 
       o 0-byte record padding oracle (CVE-2019-1559)