update from current 0.9.6-stable CHANGES file

CHANGES

@@ -5,7 +5,7 @@
  Changes between 0.9.7d and 0.9.7e  [XX xxx XXXX]
 
   *) Reduce the chances of duplicate issuer name and serial numbers (in
-     violation of RFC3280) using the OpenSSL certificate creation utilities. 
+     violation of RFC3280) using the OpenSSL certificate creation utilities.
      This is done by creating a random 64 bit value for the initial serial
      number when a serial number file is created or when a self signed
      certificate is created using 'openssl req -x509'. The initial serial
@@ -2048,6 +2048,20 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
+
+  *) Fix additional bug revealed by the NISCC test suite:
+
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CAN-2003-0851)
+     [Steve Henson]
+
  Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
 
   *) Fix various bugs revealed by running the NISCC test suite: