From afb19f07aecc84998eeea56c4d65f5e0499abb5a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 30 Jan 2024 16:51:52 +0000 Subject: [PATCH] Remove a CVE reference from CHANGES/NEWS master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before it was released. Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23432) --- CHANGES.md | 14 +++++++------- NEWS.md | 9 ++++++--- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index bc0d03b5b3..0682164864 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -160,6 +160,13 @@ OpenSSL 3.2 *Rohan McLure* + * Disable building QUIC server utility when OpenSSL is configured with + `no-apps`. + + *Vitalii Koshura* + +### Changes between 3.1 and 3.2.0 [23 Nov 2023] + * Fix excessive time spent in DH check / generation with large Q parameter value. @@ -174,13 +181,6 @@ OpenSSL 3.2 *Richard Levitte* - * Disable building QUIC server utility when OpenSSL is configured with - `no-apps`. - - *Vitalii Koshura* - -### Changes between 3.1 and 3.2.0 [23 Nov 2023] - * The BLAKE2b hash algorithm supports a configurable output length by setting the "size" parameter. diff --git a/NEWS.md b/NEWS.md index b0514c65ce..a0748e6a39 100644 --- a/NEWS.md +++ b/NEWS.md @@ -43,9 +43,6 @@ This release incorporates the following bug fixes and mitigations: * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) - * Fixed excessive time spent in DH check / generation with large Q parameter - value - [(CVE-2023-5678)] ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023] @@ -121,6 +118,12 @@ This release incorporates the following documentation enhancements: See [OpenSSL Guide]. +This release incorporates the following bug fixes and mitigations: + + * Fixed excessive time spent in DH check / generation with large Q parameter + value + ([CVE-2023-5678]) + A more detailed list of changes in this release can be found in the [CHANGES.md] file.