diff --git a/CHANGES b/CHANGES index f39e3fdff0..efe71e7f23 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,47 @@ +6.2.0-dev.74 | 2023-10-27 11:04:16 -0700 + + * IEEE802_11: Fix buffer-overflow due to not accounting for the amsdu header (Arne Welzel, Corelight) + + The fuzzer generated input where data length left was 14 and the amsdu_len + field set to 14. That caused buffer overread due not taking into account + the amsdu header length of 14. + + * ssl: Prevent unbounded ssl_history growth (Arne Welzel, Corelight) + + The ssl_history field may grow unbounded (e.g., ssl_alert event). Prevent this + by capping using a configurable limit (default 100) and raise a weird once reached. + + * ssl: Cap number of alerts parsed from SSL record (Arne Welzel, Corelight) + + Limit the number of events raised from an SSL record with content_type + alert (21) to a configurable maximum number (default 10). For TLS 1.3, + the limit is set to 1 as specified in the RFC. Add a new weird cases + where the limit is exceeded. + + OSS-Fuzz managed to generate a reproducer that raised ~660k ssl_plaintext + and ssl_alert events given ~810kb of input data. This change prevents this + with hopefully no negative side-effect in the real-world. + + * ftp: Do not base seq on number of pending commands (Arne Welzel, Corelight) + + Previously, seq was computed as the result of |pending_commands|+1. This + opened the possibility to override queued commands, as well as logging + the same pending ftp reply multiple times. + + For example, when commands 1, 2, 3 are pending, command 1 may be dequeued, + but the incoming command then receives seq 3 and overrides the already + pending command 3. The second scenario happens when ftp_reply() selected + command 3 as pending for logging, but is then followed by many ftp_request() + events. This resulted in command 3's response being logged for every + following ftp_request() over and over again. + + Avoid both scenarios by tracking the command sequence as an absolute counter. 
+ + * X509Common/SCT parsing: Fix memory leak in error case (Arne Welzel, Corelight) + + Failed to free the copy of the OCSP extension's value the inner + octet string couldn't be parsed. + 6.2.0-dev.64 | 2023-10-27 19:19:55 +0200 * fuzzers: Add DTLS fuzzer (Arne Welzel, Corelight) diff --git a/VERSION b/VERSION index dcb8508e73..155e01b3d8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.2.0-dev.64 +6.2.0-dev.74 diff --git a/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc index beb69b2616..4300931b98 100644 --- a/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc +++ b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc @@ -105,7 +105,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* // This is the length of everything after the A-MSDU subframe header. size_t amsdu_len = (data[12] << 8) + data[13]; - if ( len < amsdu_len ) + if ( len < amsdu_len + 14 ) { Weird("truncated_802_11_amsdu_packet", packet); return false;
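Review bot: in the CHANGES hunk the IEEE802_11 entry's heading says "Fix buffer-overflow" while its body describes a "buffer overread", and the body reads "due not taking into account"; suggest the heading use "buffer over-read" to match the body, and the body read "due to not taking into account". The X509Common/SCT entry ("Failed to free the copy of the OCSP extension's value the inner octet string couldn't be parsed") is missing a "when" before "the inner octet string".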
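Review bot: the new bound `len < amsdu_len + 14` in the IEEE802_11.cc hunk only guards the bytes after the A-MSDU subframe header, but `data[12]` and `data[13]` are read on the line just above it, so this hunk relies on an earlier check that `len >= 14` which is not visible in the shown context; please confirm that check exists before the `amsdu_len` read, or add it. Two smaller points: the literal 14 would read better as a named constant for the subframe header length (the comment above already describes it as such), and the fuzzer input described in CHANGES (data length 14, `amsdu_len` 14) is worth adding as a regression test so the old off-by-header bound cannot return.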