From d2f950c9843d9c5e30fd13d495f75561fd1512ea Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sat, 31 Mar 2012 18:55:41 +0000
Subject: [PATCH] CHANGES: mention vpaes fix and harmonize with 1.0.0. PR: 2775

---
 CHANGES | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index d922519b0c..a834647c10 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
   *)
 
+ Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
+
+  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
+     [Andy Polyakov]
+
  Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
 
   *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
@@ -289,7 +294,18 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
- Changes between 1.0.0g and 1.0.0h [xx XXX xxxx]
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be reenabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
 
   *) Fix CVE-2011-4619: make sure we really are receiving a 
      client hello before rejecting multiple SGC restarts. Thanks to
-- 
2.25.1