document the CVE fix

Signed-off-by: Hubert Kario <hkario@redhat.com>
author: Hubert Kario <hkario@redhat.com> 2023-02-08 14:43:45 +0100
committer: Zoltan Fridrich <zfridric@redhat.com> 2023-02-09 11:45:42 +0100
commit: b7bf28a291c781a3b1b0f06c64fd6566aa7260f1 (patch)
tree: 73c4f93be9fbd1bd7cfad506bad2c07995d74e13
parent: 7c963102ec2119eecc1789b993aabe5edfd75f3b (diff)
download: gnutls-b7bf28a291c781a3b1b0f06c64fd6566aa7260f1.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index beaa5ebae8..9be7ab41e2 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,15 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
 Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
 See the end for copying conditions.
 
+* Version 3.7.9 (released 2023-02-09)
+
+** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
+   Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
+   [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
+
+** API and ABI modifications:
+No changes since last version.
+
 * Version 3.7.8 (released 2022-09-27)
 
 ** libgnutls: In FIPS140 mode, RSA signature verification is an approved
author	Hubert Kario <hkario@redhat.com>	2023-02-08 14:43:45 +0100
committer	Zoltan Fridrich <zfridric@redhat.com>	2023-02-09 11:45:42 +0100
commit	b7bf28a291c781a3b1b0f06c64fd6566aa7260f1 (patch)
tree	73c4f93be9fbd1bd7cfad506bad2c07995d74e13
parent	7c963102ec2119eecc1789b993aabe5edfd75f3b (diff)
download	gnutls-b7bf28a291c781a3b1b0f06c64fd6566aa7260f1.tar.gz