Update CHANGES.md and NEWS.md for new release

Reviewed-by: Tomas Mraz <tomas@openssl.org>
author: Matt Caswell <matt@openssl.org> 2021-03-25 11:20:50 +0100
committer: Matt Caswell <matt@openssl.org> 2021-03-25 14:12:42 +0100
commit: 468d9d556409a53da2c5d16961f9531dd10a6e1b (patch)
tree: f63c695e506f406bcdd5e400beee8a9f0aea863f /NEWS.md
parent: Ensure buffer/length pairs are always in sync (diff)
download: openssl-468d9d556409a53da2c5d16961f9531dd10a6e1b.tar.xz
openssl-468d9d556409a53da2c5d16961f9531dd10a6e1b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS.md b/NEWS.md
index a9e796dd7b..923a713087 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -87,6 +87,11 @@ OpenSSL 1.1.1
 
 ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development]
 
+  * Fixed a problem with verifying a certificate chain when using the
+    X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
+  * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+    crafted renegotiation ClientHello message from a client ([CVE-2021-3449])
+
 ### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
 
   * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
author	Matt Caswell <matt@openssl.org>	2021-03-25 11:20:50 +0100
committer	Matt Caswell <matt@openssl.org>	2021-03-25 14:12:42 +0100
commit	468d9d556409a53da2c5d16961f9531dd10a6e1b (patch)
tree	f63c695e506f406bcdd5e400beee8a9f0aea863f /NEWS.md
parent	Ensure buffer/length pairs are always in sync (diff)
download	openssl-468d9d556409a53da2c5d16961f9531dd10a6e1b.tar.xz openssl-468d9d556409a53da2c5d16961f9531dd10a6e1b.zip