diff --git a/ANNOUNCE b/ANNOUNCE
index 882559de3..4317f36ed 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,4 +1,4 @@
-Libpng 1.6.20beta03 - November 24, 2015
+Libpng 1.6.20rc01 - November 25, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -8,20 +8,20 @@ Files available for download:
 Source files with LF line endings (for Unix/Linux) and with a
 "configure" script
 
-   1.6.20beta03.tar.xz (LZMA-compressed, recommended)
-   1.6.20beta03.tar.gz
+   1.6.20rc01.tar.xz (LZMA-compressed, recommended)
+   1.6.20rc01.tar.gz
 
 Source files with CRLF line endings (for Windows), without the
 "configure" script
 
-   lp1620b03.7z  (LZMA-compressed, recommended)
-   lp1620b03.zip
+   lp1620r01.7z  (LZMA-compressed, recommended)
+   lp1620r01.zip
 
 Other information:
 
-   1.6.20beta03-README.txt
-   1.6.20beta03-LICENSE.txt
-   libpng-1.6.20beta03-*.asc (armored detached GPG signatures)
+   1.6.20rc01-README.txt
+   1.6.20rc01-LICENSE.txt
+   libpng-1.6.20rc01-*.asc (armored detached GPG signatures)
 
 Changes since the last public release (1.6.19):
 
@@ -30,11 +30,16 @@ Version 1.6.20beta01 [November 20, 2015]
     png_handle_pCAL() (Bug report by John Regehr).
 
 Version 1.6.20beta02 [November 23, 2015]
-  Fixed bug recently introduced in png_set_PLTE() that uses png_ptr
-    not info_ptr.
+  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+    vulnerability.
 
-Version 1.6.20beta03 [(PENDING RELEASE)]
+Version 1.6.20beta03 [November 25, 2015]
   Backported tests from libpng-1.7.0beta69.
+ 
+Version 1.6.20rc01 [November 25, 2015]
+  Fixed an error in handling of bad zlib CMINFO field, found by American
+    Fuzzy Lop.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 16eafe9bf..6c67dab25 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5419,12 +5419,17 @@ Version 1.6.20beta01 [November 20, 2015]
     png_handle_pCAL() (Bug report by John Regehr).
 
 Version 1.6.20beta02 [November 23, 2015]
-  Fixed bug recently introduced in png_set_PLTE() that uses png_ptr
-    not info_ptr.
+  Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
+    not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
+    vulnerability.
 
-Version 1.6.20beta03 [(PENDING RELEASE)]
+Version 1.6.20beta03 [November 24, 2015]
   Backported tests from libpng-1.7.0beta69.
 
+Version 1.6.20rc01 [November 25, 2015]
+  Fixed an error in handling of bad zlib CMINFO field, found by American
+    Fuzzy Lop.
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement