TrueCrypt Security Audit Results

The final report can be found here.

The report identifies 4 major vulnerabilities, 2 of which are judged to be of high severity. They are as follows:

  • The most commonly used Windows versions of TrueCrypt were found to have a specific problem with the call to the function CryptAcquireContext, which TrueCrypt uses exclusively for generating random numbers. In a variety of Windows configurations ranging from Windows XP to Windows 8.1, the function will fail silently, for example due to group policy settings in managed enterprise configurations. TrueCrypt, however, does NOT fail in that case and continues with weak sources of randomness. Because of these additional sources of entropy, TrueCrypt is nevertheless not very easy to break. More details here and in the report.
  • We are reminded of the AES vulnerability to cache timing attacks, and TrueCrypt contains several vulnerable implementations of AES. However, users with Intel CPUs will use hardware AES, which is claimed to be secure against cache attacks. More secure software implementations could be developed that protect the two outer rounds.
  • In both cases a lot more work could be done in order to evaluate the complexity of key recovery attacks in practical attack scenarios.
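
One known software mitigation for the cache-timing issue in the second item, shown as an added example (not code from TrueCrypt or from the audit report): an S-box lookup that scans the whole table instead of indexing it with a secret byte. The function names are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL8(x, n) ((uint8_t)(((x) << (n)) | ((x) >> (8 - (n)))))

static uint8_t SBOX[256];

/* Build the standard AES S-box: GF(2^8) inverse followed by the affine map. */
void sbox_init(void) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0)); /* p = p * 3 */
        q ^= (uint8_t)(q << 1);                                /* q = q / 3 */
        q ^= (uint8_t)(q << 2);
        q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;
        SBOX[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^
                            ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    SBOX[0] = 0x63; /* 0 has no inverse and is defined separately */
}

/* Classic table lookup: the address read depends on the secret index, so the
   cache line that gets touched leaks information about that index. */
uint8_t sbox_lookup_leaky(uint8_t secret) { return SBOX[secret]; }

/* Reads every entry and keeps the wanted one with a mask, so the sequence of
   addresses touched is identical for every secret index. */
uint8_t sbox_lookup_ct(uint8_t secret) {
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        unsigned diff = i ^ secret;                /* 0 only when i == secret */
        uint8_t mask = (uint8_t)((diff - 1) >> 8); /* 0xFF if equal, else 0 */
        out |= (uint8_t)(SBOX[i] & mask);
    }
    return out;
}

/* Number of inputs for which the two lookups disagree (expected: 0). */
int sbox_mismatches(void) {
    int bad = 0;
    for (unsigned i = 0; i < 256; i++)
        bad += sbox_lookup_leaky((uint8_t)i) != sbox_lookup_ct((uint8_t)i);
    return bad;
}

int main(void) {
    sbox_init();
    printf("S(0x53) = 0x%02x, mismatches = %d\n", sbox_lookup_ct(0x53), sbox_mismatches());
    return 0;
}
```

The full scan costs 256 reads per lookup, which is why it is usually applied only where the lookup index is key-dependent and attackable; hardware AES avoids the tables altogether.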
