doc: add OpenSSL CVE fix to notable changes in v15.5.0

PR-URL: https://github.com/nodejs/node/pull/36798 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
author: Beth Griggs <bgriggs@redhat.com> 2021-01-05 15:02:16 +0300
committer: Rich Trott <rtrott@gmail.com> 2021-01-06 07:39:53 +0300
commit: 81442fa9fdc900e4b7058b142dfbdd268d2dbd6a (patch)
tree: 58c4de995a827d3240718bf53807508b73239b6f /doc/changelogs/CHANGELOG_V15.md
parent: a3fcf24a6c2f1c3089eb11b585143a70126046ab (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/changelogs/CHANGELOG_V15.md b/doc/changelogs/CHANGELOG_V15.md
index 0b575a98445..8a9b03c9891 100644
--- a/doc/changelogs/CHANGELOG_V15.md
+++ b/doc/changelogs/CHANGELOG_V15.md
@@ -77,6 +77,12 @@ Vulnerabilities fixed:
 
 ### Notable Changes
 
+#### OpenSSL-1.1.1i
+
+OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
+
+Contributed by Myles Borins [#36520](https://github.com/nodejs/node/pull/36520).
+
 #### Extended support for `AbortSignal` in child_process and stream
 
 The following APIs now support an `AbortSignal` in their options object:
author	Beth Griggs <bgriggs@redhat.com>	2021-01-05 15:02:16 +0300
committer	Rich Trott <rtrott@gmail.com>	2021-01-06 07:39:53 +0300
commit	81442fa9fdc900e4b7058b142dfbdd268d2dbd6a (patch)
tree	58c4de995a827d3240718bf53807508b73239b6f /doc/changelogs/CHANGELOG_V15.md
parent	a3fcf24a6c2f1c3089eb11b585143a70126046ab (diff)