1 files changed, 15 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 2893d20..eb50497 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,7 +31,7 @@ LibreSSL Portable Release Notes:
 This release primarily addresses a number of security issues in coordination
 with the OpenSSL project.
-2.2.0 - Build cleanups and OS support
+2.2.0 - Build cleanups and new OS support, Security Updates
        * AIX Support - thanks to Michael Felt
@@ -51,6 +51,20 @@ with the OpenSSL project.
        * Various bug fixes and simplifications to libssl and libcrypto
+        * Fixes for the following issues are integrated into LibreSSL 2.2.0:
+         - CVE-2015-1788 - Malformed ECParameters causes infinite loop
+         - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
+         - CVE-2015-1792 - CMS verify infinite loop with unknown hash function
+        * The following CVEs did not apply to LibreSSL or were fixed in
+          earlier releases:
+         - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
+         - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
+         - CVE-2014-8176 - Invalid free in DTLS
+        * Fixes for the following CVEs are still in review for LibreSSL
+         - CVE-2015-1791 - Race condition handling NewSessionTicket
 2.1.6 - Security update
        * Fixes for the following issues are integrated into LibreSSL 2.1.6:

diff --git a/ChangeLog b/ChangeLog index 2893d20..eb50497 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -31,7 +31,7 @@ LibreSSL Portable Release Notes:
31	This release primarily addresses a number of security issues in coordination	31	This release primarily addresses a number of security issues in coordination
32	with the OpenSSL project.	32	with the OpenSSL project.
33		33
34	2.2.0 - Build cleanups and OS support	34	2.2.0 - Build cleanups and new OS support, Security Updates
35		35
36	* AIX Support - thanks to Michael Felt	36	* AIX Support - thanks to Michael Felt
37		37
@@ -51,6 +51,20 @@ with the OpenSSL project.
51		51
52	* Various bug fixes and simplifications to libssl and libcrypto	52	* Various bug fixes and simplifications to libssl and libcrypto
53		53
		54	* Fixes for the following issues are integrated into LibreSSL 2.2.0:
		55	- CVE-2015-1788 - Malformed ECParameters causes infinite loop
		56	- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
		57	- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
		58
		59	* The following CVEs did not apply to LibreSSL or were fixed in
		60	earlier releases:
		61	- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
		62	- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
		63	- CVE-2014-8176 - Invalid free in DTLS
		64
		65	* Fixes for the following CVEs are still in review for LibreSSL
		66	- CVE-2015-1791 - Race condition handling NewSessionTicket
		67
54	2.1.6 - Security update	68	2.1.6 - Security update
55		69
56	* Fixes for the following issues are integrated into LibreSSL 2.1.6:	70	* Fixes for the following issues are integrated into LibreSSL 2.1.6: