doc update

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-02-23 16:48:31 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-02-23 16:48:31 +0100
commit: 4b5216d9b8ed0f135688da2b673c26d6d07df3ae (patch)
tree: 5f19e6c3815c228e0786e5faabfe74cbbe556490
parent: 0e9cce408c680e0f723512bdcdcecdfb60ad59ee (diff)
download: gnutls-4b5216d9b8ed0f135688da2b673c26d6d07df3ae.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 1743148cfb..49f2b042eb 100644
--- a/NEWS
+++ b/NEWS
@@ -18,8 +18,13 @@ See the end for copying conditions.
    a long list of names in functions such as gnutls_x509_crt_check_hostname().
    With the current code, the SANs are parsed once on certificate import.
 
-** libgnutls: Addressed invalid memory access in OpenPGP certificate parsing.
-   (issue found using oss-fuzz project)
+** libgnutls: Addressed integer overflow resulting to invalid memory write
+   in OpenPGP certificate parsing (issue found using oss-fuzz project:
+   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 )
+
+** libgnutls: Addressed read of 1 byte past the end of buffer in OpenPGP
+   certificate parsing (issue found using oss-fuzz project:
+   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 )
 
 ** libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469
    when printing certificate information.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-02-23 16:48:31 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-02-23 16:48:31 +0100
commit	4b5216d9b8ed0f135688da2b673c26d6d07df3ae (patch)
tree	5f19e6c3815c228e0786e5faabfe74cbbe556490
parent	0e9cce408c680e0f723512bdcdcecdfb60ad59ee (diff)
download	gnutls-4b5216d9b8ed0f135688da2b673c26d6d07df3ae.tar.gz