1 files changed, 19 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 32c76ab..63d714e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,12 +28,31 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.2.5 - Reliability Update
+        * Fixes from OpenSSL 1.0.1q
+         - CVE-2015-3194 - NULL pointer dereference in client side certificate
+                           validation.
+         - CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
+        * The following OpenSSL CVEs did not apply to LibreSSL
+         - CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
+                           squaring procedure.
+         - CVE-2015-3196 - Double free race condition of the identify hint
+                           data.
+         See https://marc.info/?l=openbsd-announce&m=144925068504102
 2.2.4 - Build and bug fixes
        * Backported build fixes for CMake on Windows, OSX and Linux
        * Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt
          reported by Qualys Security.
+         - CVE-2015-5333 - memory leak in OBJ_obj2txt
+         - CVE-2015-5334 - 1-byte buffer overflow in OBJ_obj2txt
+         See http://www.openwall.com/lists/oss-security/2015/10/16/1
 2.2.3 - Bug fixes, build enhancements

diff --git a/ChangeLog b/ChangeLog index 32c76ab..63d714e 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,12 +28,31 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.2.5 - Reliability Update
		32
		33	* Fixes from OpenSSL 1.0.1q
		34	- CVE-2015-3194 - NULL pointer dereference in client side certificate
		35	validation.
		36	- CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
		37
		38	* The following OpenSSL CVEs did not apply to LibreSSL
		39	- CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
		40	squaring procedure.
		41	- CVE-2015-3196 - Double free race condition of the identify hint
		42	data.
		43
		44	See https://marc.info/?l=openbsd-announce&m=144925068504102
		45
31	2.2.4 - Build and bug fixes	46	2.2.4 - Build and bug fixes
32		47
33	* Backported build fixes for CMake on Windows, OSX and Linux	48	* Backported build fixes for CMake on Windows, OSX and Linux
34		49
35	* Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt	50	* Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt
36	reported by Qualys Security.	51	reported by Qualys Security.
		52	- CVE-2015-5333 - memory leak in OBJ_obj2txt
		53	- CVE-2015-5334 - 1-byte buffer overflow in OBJ_obj2txt
		54
		55	See http://www.openwall.com/lists/oss-security/2015/10/16/1
37		56
38	2.2.3 - Bug fixes, build enhancements	57	2.2.3 - Bug fixes, build enhancements
39		58