document the CVE fix

Signed-off-by: Hubert Kario <hkario@redhat.com>
author: Hubert Kario <hkario@redhat.com> 2023-02-08 14:43:45 +0100
committer: Hubert Kario <hkario@redhat.com> 2023-02-08 14:53:45 +0100
commit: d9abed8520508161468832c2e77d779a172f65df (patch)
tree: c3ce18e9d80defdd50c985a106a3a66173070857
parent: 4b7ff428291c7ed77c6d2635577c83a43bbae558 (diff)
download: gnutls-d9abed8520508161468832c2e77d779a172f65df.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a060176b0f..35212bba80 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ See the end for copying conditions.
 
 * Version 3.8.0 (unreleased ????-??-??)
 
+** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
+   Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
+   [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
+
 ** guile: Guile-bindings removed.
 They have been extracted into a separate project to reduce complexity
 and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
author	Hubert Kario <hkario@redhat.com>	2023-02-08 14:43:45 +0100
committer	Hubert Kario <hkario@redhat.com>	2023-02-08 14:53:45 +0100
commit	d9abed8520508161468832c2e77d779a172f65df (patch)
tree	c3ce18e9d80defdd50c985a106a3a66173070857
parent	4b7ff428291c7ed77c6d2635577c83a43bbae558 (diff)
download	gnutls-d9abed8520508161468832c2e77d779a172f65df.tar.gz