Update OpenSSL to 1.1.0c.

[ffftp/ffftp.git] / contrib / openssl / NEWS

diff --git a/contrib/openssl/NEWS b/contrib/openssl/NEWS
index 7e8a57a..979cb05 100644 (file)
--- a/contrib/openssl/NEWS
+++ b/contrib/openssl/NEWS
@@ -5,6 +5,12 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+
+      o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+      o CMS Null dereference (CVE-2016-7053)
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
   Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
 
       o Fix Use After Free for large message sizes (CVE-2016-6309)