document the CVE fix

author Hubert Kario <hkario@redhat.com>

Wed, 8 Feb 2023 13:43:45 +0000 (14:43 +0100)

committer Hubert Kario <hkario@redhat.com>

Wed, 8 Feb 2023 13:53:45 +0000 (14:53 +0100)
author Hubert Kario <hkario@redhat.com>
Wed, 8 Feb 2023 13:43:45 +0000 (14:43 +0100)
committer Hubert Kario <hkario@redhat.com>
Wed, 8 Feb 2023 13:53:45 +0000 (14:53 +0100)
diff --git a/NEWS b/NEWS

index a060176b0f0079f29e32cd15f2b4b0f8a4849621..35212bba80bbe0d9e1717b42b03604d17b263402 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ See the end for copying conditions.
  
  * Version 3.8.0 (unreleased ????-??-??)
  
+** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
+   Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
+   [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
+
  ** guile: Guile-bindings removed.
  They have been extracted into a separate project to reduce complexity
  and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
author	Hubert Kario <hkario@redhat.com>
	Wed, 8 Feb 2023 13:43:45 +0000 (14:43 +0100)
committer	Hubert Kario <hkario@redhat.com>
	Wed, 8 Feb 2023 13:53:45 +0000 (14:53 +0100)