From ca430ece0d5cf5820d9e580252f3118602e40332 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 26 Sep 2016 09:51:30 +0100
Subject: [PATCH] Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 CHANGES | 10 +++++++++-
 NEWS    |  2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index c07237917d..b1787541ef 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,15 @@
 
  Changes between 1.0.2i and 1.0.2j [xx XXX xxxx]
 
-  *)
+  *) Missing CRL sanity check
+
+     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+     This issue only affects the OpenSSL 1.0.2i
+     (CVE-2016-7052)
+     [Matt Caswell]
 
  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
 
diff --git a/NEWS b/NEWS
index 6a787e69ec..412a2effc7 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
 
   Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [under development]
 
-      o
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
 
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
 
-- 
2.25.1