document the CVE fix

author Hubert Kario <hkario@redhat.com>

Wed, 8 Feb 2023 13:43:45 +0000 (14:43 +0100)

committer Zoltan Fridrich <zfridric@redhat.com>

Thu, 9 Feb 2023 10:45:42 +0000 (11:45 +0100)
author Hubert Kario <hkario@redhat.com>
Wed, 8 Feb 2023 13:43:45 +0000 (14:43 +0100)
committer Zoltan Fridrich <zfridric@redhat.com>
Thu, 9 Feb 2023 10:45:42 +0000 (11:45 +0100)
diff --git a/NEWS b/NEWS

index beaa5ebae8b063aa2003525b901fd12f8201fdb3..9be7ab41e2a7caba7deeb179834bac539b42b03f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,15 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
  Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
  See the end for copying conditions.
  
+* Version 3.7.9 (released 2023-02-09)
+
+** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
+   Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
+   [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
+
+** API and ABI modifications:
+No changes since last version.
+
  * Version 3.7.8 (released 2022-09-27)
  
  ** libgnutls: In FIPS140 mode, RSA signature verification is an approved
author	Hubert Kario <hkario@redhat.com>
	Wed, 8 Feb 2023 13:43:45 +0000 (14:43 +0100)
committer	Zoltan Fridrich <zfridric@redhat.com>
	Thu, 9 Feb 2023 10:45:42 +0000 (11:45 +0100)