Add.

1 files changed, 13 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index 5c4a41defa..2a46a9e7dc 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,18 @@ See the end for copying conditions.
 
 * Version 2.4.1 (unreleased)
 
+** libgnutls: Fix local crash in gnutls_handshake.  [GNUTLS-SA-2008-2]
+If the gnutls_handshake function is called for a normal session, which
+can happen for re-handshakes, the library would crash because it tried
+to hash some data using a libgcrypt handle that had been deallocated.
+Report and tiny patch from Tomas Mraz <tmraz@redhat.com>.  Any updates
+with more details about this vulnerability will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix memory leaks when doing a re-handshake.
+Reported by Sam Varshavchik <mrsam@courier-mta.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>.
+
 ** Fix compiler warnings.
 Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
 <http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
@@ -13,9 +25,7 @@ Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
 Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
 <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
 
-** Fix memory leaks when doing a re-handshake.
-Reported by Sam Varshavchik <mrsam@courier-mta.com> in
-<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>.
+** srptool: Fix a problem where --verify check does not succeed.
 
 ** API and ABI modifications:
 No changes since last version.