Update Nettle-3.7.3 NEWS.

(cherry picked from commit 52bacacaf4339fd78289f58919732f1f35bea1c1)

diff --git a/NEWS b/NEWS
index 897527c9e60ccd72c5c1ff9bf3320ac206a0d738..4a55da8f1dfc3a45ec10d5ba2d690dba714fc58b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,41 @@
+NEWS for the Nettle 3.7.3 release
+
+       This is bugfix release, fixing bugs that could make the RSA
+       decryption functions crash on invalid inputs.
+
+       Upgrading to the new version is strongly recommended. For
+       applications that want to support older versions of Nettle,
+       the bug can be worked around by adding a check that the RSA
+       ciphertext is in the range 0 < ciphertext < n, before
+       attempting to decrypt it.
+
+       Thanks to Paul Schaub and Justus Winter for reporting these
+       problems.
+
+       The new version is intended to be fully source and binary
+       compatible with Nettle-3.6. The shared library names are
+       libnettle.so.8.4 and libhogweed.so.6.4, with sonames
+       libnettle.so.8 and libhogweed.so.6.
+
+       Bug fixes:
+
+       * Fix crash for zero input to rsa_sec_decrypt and
+         rsa_decrypt_tr. Potential denial of service vector.
+
+       * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
+         failure for out of range inputs, instead of either crashing,
+         or silently reducing input modulo n. Potential denial of
+         service vector.
+
+       * Ensure that rsa_decrypt returns failure for out of range
+         inputs, instead of silently reducing input modulo n.
+
+       * Ensure that rsa_sec_decrypt returns failure if the message
+         size is too large for the given key. Unlike the other bugs,
+         this would typically be triggered by invalid local
+         configuration, rather than by processing untrusted remote
+         data.
+
 NEWS for the Nettle 3.7.2 release
 
        This is a bugfix release, fixing a bug in ECDSA signature