Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>

2 files changed, 14 insertions, 1 deletions

diff --git a/CHANGES b/CHANGES
index ff01d65b7e..d08b3c74f5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,19 @@
 
  Changes between 1.1.1h and 1.1.1i [xx XXX xxxx]
 
+  *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+     This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+     If an attacker can control both items being compared  then this could lead
+     to a possible denial of service attack. OpenSSL itself uses the
+     GENERAL_NAME_cmp function for two purposes:
+     1) Comparing CRL distribution point names between an available CRL and a
+        CRL distribution point embedded in an X509 certificate
+     2) When verifying that a timestamp response token signer matches the
+        timestamp authority name (exposed via the API functions
+        TS_RESP_verify_response and TS_RESP_verify_token)
+     (CVE-2020-1971)
+     [Matt Caswell]
+
   *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
      [Stuart Carnie]
 
diff --git a/NEWS b/NEWS
index 0a9adf3e3d..5a304ae600 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
 
   Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development]
 
-      o
+      o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
 
   Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]