Add CHANGES.md and NEWS.md entries for CVE-2023-6237

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23243)
author: Tomas Mraz <tomas@openssl.org> 2024-01-09 18:08:22 +0100
committer: Tomas Mraz <tomas@openssl.org> 2024-01-15 10:54:34 +0100
commit: 38b2508f638787842750aec9a75745e1d8786743 (patch)
tree: 8bf11af5adbbd1d8ee9e2e0648935b156af3b8a3 /NEWS.md
parent: Limit the execution time of RSA public key check (diff)
download: openssl-38b2508f638787842750aec9a75745e1d8786743.tar.xz
openssl-38b2508f638787842750aec9a75745e1d8786743.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index a41353e1a6..351f21034a 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -31,7 +31,10 @@ OpenSSL 3.2
 
 ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development]
 
-  * Fix POLY1305 MAC implementation corrupting vector registers on PowerPC
+  * Fixed Excessive time spent checking invalid RSA public keys
+    ([CVE-2023-6237])
+
+  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
     CPUs which support PowerISA 2.07
     ([CVE-2023-6129])
 
@@ -1582,6 +1585,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
author	Tomas Mraz <tomas@openssl.org>	2024-01-09 18:08:22 +0100
committer	Tomas Mraz <tomas@openssl.org>	2024-01-15 10:54:34 +0100
commit	38b2508f638787842750aec9a75745e1d8786743 (patch)
tree	8bf11af5adbbd1d8ee9e2e0648935b156af3b8a3 /NEWS.md
parent	Limit the execution time of RSA public key check (diff)
download	openssl-38b2508f638787842750aec9a75745e1d8786743.tar.xz openssl-38b2508f638787842750aec9a75745e1d8786743.zip