diff --git a/NEWS.md b/NEWS.md
index 0eea850772..333ec15e20 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -7,7 +7,32 @@ differ slightly from third-party binary packages.
 
 ClamAV 1.1.1 is a critical patch release with the following fixes:
 
+- [CVE-2023-20197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197)
+  Fixed a possible denial of service vulnerability in the HFS+ file parser.
+  This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0,
+  0.104.4 through 0.104.0, and 0.103.8 through 0.103.0.
+  Thank you to Steve Smith for reporting this issue.
+
+- Fixed a build issue when using the Rust nightly toolchain, which was
+  affecting the oss-fuzz build environment used for regression tests.
+  - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/997
+
+- Fixed a build issue on Windows when using Rust version 1.70 or newer.
+  - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/994
+
+- CMake build system improvement to support compiling with OpenSSL 3.x on
+  macOS with the Xcode toolchain.
+
+  The official ClamAV installers and packages are now built with OpenSSL 3.1.1
+  or newer.
+  - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/972
+
+- Removed a warning message showing the HTTP response codes during the
+  Freshclam database update process.
+  - GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/939
+
 Special thanks to the following people for code contributions and bug reports:
+- Steve Smith
 
 ## 1.1.0