Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2017-02-16 09:51:56 +0000
committer: Matt Caswell <matt@openssl.org> 2017-02-16 10:10:05 +0000
commit: d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef (patch)
tree: ec996d7631b116a6425dc84c4ea1785c669ce55b /CHANGES
parent: 2c55b28a34624c18e3d05dfd7acb78895e3a64e6 (diff)
download: openssl-d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 8b27bd5634..3e91a0899e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.1.0a and 1.1.1 [xx XXX xxxx]
+ Changes between 1.1.0e and 1.1.1 [xx XXX xxxx]
 
   *) Add support for SipHash
      [Todd Short]
@@ -24,6 +24,19 @@
   *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
      [Emilia Käsper]
 
+ Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
+
+  *) Encrypt-Then-Mac renegotiation crash
+
+     During a renegotiation handshake if the Encrypt-Then-Mac extension is
+     negotiated where it was not in the original handshake (or vice-versa) then
+     this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
+     and servers are affected.
+
+     This issue was reported to OpenSSL by Joe Orton (Red Hat).
+     (CVE-2017-3733)
+     [Matt Caswell]
+
  Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
 
   *) Truncated packet could crash via OOB read
author	Matt Caswell <matt@openssl.org>	2017-02-16 09:51:56 +0000
committer	Matt Caswell <matt@openssl.org>	2017-02-16 10:10:05 +0000
commit	d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef (patch)
tree	ec996d7631b116a6425dc84c4ea1785c669ce55b /CHANGES
parent	2c55b28a34624c18e3d05dfd7acb78895e3a64e6 (diff)
download	openssl-d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef.tar.gz