From c50f8e2c6c066be053a2886cfddc41992fb2ca82 Mon Sep 17 00:00:00 2001
From: Theo Buehler <tb@openbsd.org>
Date: Tue, 8 Dec 2020 16:15:35 +0100
Subject: Release notes for GENERAL_NAME_cmp() NULL deref

---
 ChangeLog | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 06fedf4..d65412e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,11 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+3.3.1 - Security fix
+
+	* Malformed ASN.1 in a certificate revocation list or a timestamp
+	  response token can lead to a NULL pointer dereference.
+
 3.3.0 - Development release
 
 	* Make openssl(1) s_server ignore -4 and -6 for compatibility with
@@ -129,6 +134,11 @@ LibreSSL Portable Release Notes:
 
 	* Various documentation improvements, particularly around TLS methods.
 
+3.2.3 - Security fix
+
+	* Malformed ASN.1 in a certificate revocation list or a timestamp
+	  response token can lead to a NULL pointer dereference.
+
 3.2.2 - Stable release
 
 	* This is the first stable release with the new TLSv1.3
@@ -380,6 +390,11 @@ LibreSSL Portable Release Notes:
 
 	* Use non-expired certificates first when building a certificate chain.
 
+3.1.5 - Security fix
+
+	* Malformed ASN.1 in a certificate revocation list or a timestamp
+	  response token can lead to a NULL pointer dereference.
+
 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
 
 	* Improve client certificate selection to allow EC certificates
-- 
cgit v1.2.3-55-g6feb