make update

[oweals/openssl.git] / NEWS

diff --git a/NEWS b/NEWS
index a51e77de630ec3321965bdfef615dfc345d0ff39..ad8175cd0dee8bf28e7e0b1bf2fc3daf2260e5ae 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,29 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [under development]:
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
+  Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+
+      o Fix for CVE-2014-3510
+      o Fix for CVE-2014-3507
+      o Fix for CVE-2014-3506
+      o Fix for CVE-2014-3505
+      o Fix for CVE-2014-3508
+
+  Known issues in OpenSSL 0.9.8za:
+
+      o Compilation failure of s3_pkt.c on some platforms due to missing
+        <limits.h> include. Fixed in 0.9.8zb-dev.
+      o FIPS capable link failure with missing symbol BN_consttime_swap.
+        Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+        algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
   Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
 
       o Fix for CVE-2014-0224