diff --git a/NEWS b/NEWS index 74767da16..8fc97b961 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,13 @@ Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [under development] - o + o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) + o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) + o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) + o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) + o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) + o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) + o Removed the export ciphers from the DEFAULT ciphers Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]