author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-03-05 18:06:42 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-03-05 18:06:42 +0100
commit: 6e4b9371f95d3e331ebcd989b61e2a04bcad0f13 (patch)
tree: 22eb8db90b01d4d85bfbf0a1886d755df4b9da60
parent: efa1251cc197239a36eca48fd204afae41b05994 (diff)
doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- NEWS 9
1 files changed, 7 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 21712dfae3..beb58aa37d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,13 +9,18 @@ See the end for copying conditions.
** libgnutls: Addressed integer overflow resulting to invalid memory write
in OpenPGP certificate parsing. Issue found using oss-fuzz project:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 [GNUTLS-SA-2017-3A]
** libgnutls: Addressed crashes in OpenPGP certificate parsing, related
to private key parser. No longer allow OpenPGP certificates (public keys)
to contain private key sub-packets. Issue found using oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B]
+
+** libgnutls: Addressed large allocation in OpenPGP certificate parsing, that
+ could lead in out-of-memory condition. Issue found using oss-fuzz project,
+ and was fixed by Alex Gaynor:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C]
** API and ABI modifications:
No changes since last version.
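Review bot: In the second entry the [GNUTLS-SA-2017-3B] tag is appended only to the id=360 URL, so a reader cannot tell whether id=354, listed just above it in the same entry, falls under the same advisory. Putting the tag on the entry's first line, or on its own line after both URLs, would remove the ambiguity, and the same placement would suit 3A and 3C. In the added 3C entry, "that could lead in out-of-memory condition" should read "which could lead to an out-of-memory condition". The hunk also adds a whole new NEWS entry for a separate fix (oss-fuzz issue 392), which the subject "doc update" does not convey; a subject that names the advisory tags being added would make this change easier to find in the log.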