author Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-01 10:45:08 +0100
committer Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-01 10:45:08 +0100
commit c8fdf14e59bfc4e1e85b12d489a0eb892c94b3b4 (patch)
tree 9c2aad9db2a7313080158a706afff3fb330b9b4c
parent 9fe2b08714ac25a079f58790fd577b156bf5bf93 (diff)
download gnutls-tmp-gnutls_3_3_x-even-more-openpgp-fixes.tar.gz
-rw-r--r-- NEWS 11
1 files changed, 9 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 513400262c..21712dfae3 100644
--- a/NEWS
+++ b/NEWS
@@ -7,8 +7,15 @@ See the end for copying conditions.
** libgnutls: read the pin-value attribute if the p11-kit version allows it.
-** libgnutls: Addressed invalid memory access in OpenPGP certificate parsing.
- (issue found using oss-fuzz project)
+** libgnutls: Addressed integer overflow resulting to invalid memory write
+ in OpenPGP certificate parsing. Issue found using oss-fuzz project:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
+
+** libgnutls: Addressed crashes in OpenPGP certificate parsing, related
+ to private key parser. No longer allow OpenPGP certificates (public keys)
+ to contain private key sub-packets. Issue found using oss-fuzz project:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
** API and ABI modifications:
No changes since last version.
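Review bot: the second added entry states a behaviour change ("No longer allow OpenPGP certificates (public keys) to contain private key sub-packets") but words it as part of a crash fix, and the unchanged "API and ABI modifications: No changes since last version." follows directly after it. Consider giving the new restriction its own sentence or entry so that users who read NEWS for compatibility notes see that such certificates are now refused. Two wording points in the same hunk: "resulting to invalid memory write" in the first entry should read "resulting in an invalid memory write", and "Issue found using oss-fuzz project:" in the second entry is followed by two URLs (id=354 and id=360), so "Issues found" would match.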