Remove a CVE reference from CHANGES/NEWS

master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before
it was released.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23432)

CHANGES.md

@@ -160,6 +160,13 @@ OpenSSL 3.2
 
    *Rohan McLure*
 
+ * Disable building QUIC server utility when OpenSSL is configured with
+   `no-apps`.
+
+   *Vitalii Koshura*
+
+### Changes between 3.1 and 3.2.0 [23 Nov 2023]
+
  * Fix excessive time spent in DH check / generation with large Q parameter
    value.
 
@@ -174,13 +181,6 @@ OpenSSL 3.2
 
    *Richard Levitte*
 
- * Disable building QUIC server utility when OpenSSL is configured with
-   `no-apps`.
-
-   *Vitalii Koshura*
-
-### Changes between 3.1 and 3.2.0 [23 Nov 2023]
-
  * The BLAKE2b hash algorithm supports a configurable output length
    by setting the "size" parameter.
 

NEWS.md

@@ -43,9 +43,6 @@ This release incorporates the following bug fixes and mitigations:
   * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
     CPUs which support PowerISA 2.07
     ([CVE-2023-6129])
-  * Fixed excessive time spent in DH check / generation with large Q parameter
-    value
-    [(CVE-2023-5678)]
 
 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023]
 
@@ -121,6 +118,12 @@ This release incorporates the following documentation enhancements:
 
     See [OpenSSL Guide].
 
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed excessive time spent in DH check / generation with large Q parameter
+    value
+    ([CVE-2023-5678])
+
 A more detailed list of changes in this release can be found in the
 [CHANGES.md] file.