Update CHANGES.md and NEWS.md for new release

Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/23422)
author: Matt Caswell <matt@openssl.org> 2024-01-29 16:19:24 +0000
committer: Matt Caswell <matt@openssl.org> 2024-01-30 12:53:15 +0000
commit: d2103cdf6184a1ecd2c5363203770ecaf9efef24 (patch)
tree: 0292e59023ebadf4099ca80d896375e372fa6f8d
parent: a4ea3dfc4d8e3023d30be881e983c5ca1027979d (diff)
2 files changed, 47 insertions, 23 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 440132a6b1..81c11c6ed2 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -27,6 +27,26 @@ OpenSSL 3.2
 
 ### Changes between 3.2.0 and 3.2.1 [xx XXX xxxx]
 
+ * A file in PKCS12 format can contain certificates and keys and may come from
+   an untrusted source. The PKCS12 specification allows certain fields to be
+   NULL, but OpenSSL did not correctly check for this case. A fix has been
+   applied to prevent a NULL pointer dereference that results in OpenSSL
+   crashing. If an application processes PKCS12 files from an untrusted source
+   using the OpenSSL APIs then that application will be vulnerable to this
+   issue prior to this fix.
+
+   OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
+   PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
+   and PKCS12_newpass().
+
+   We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
+   function is related to writing data we do not consider it security
+   significant.
+
+   ([CVE-2024-0727])
+
+   *Matt Caswell*
+
  * When function EVP_PKEY_public_check() is called on RSA public keys,
    a computation is done to confirm that the RSA modulus, n, is composite.
    For valid RSA keys, n is a product of two or more large primes and this
@@ -75,6 +95,20 @@ OpenSSL 3.2
 
    *Rohan McLure*
 
+ * Fix excessive time spent in DH check / generation with large Q parameter
+   value.
+
+   Applications that use the functions DH_generate_key() to generate an
+   X9.42 DH key may experience long delays. Likewise, applications that use
+   DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
+   to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
+   Where the key or parameters that are being checked have been obtained from
+   an untrusted source this may lead to a Denial of Service.
+
+   ([CVE-2023-5678])
+
+   *Richard Levitte*
+
  * Disable building QUIC server utility when OpenSSL is configured with
    `no-apps`.
 
@@ -532,22 +566,6 @@ OpenSSL 3.2
 OpenSSL 3.1
 -----------
 
-### Changes between 3.1.4 and 3.1.5 [xx XXX xxxx]
-
- * Fix excessive time spent in DH check / generation with large Q parameter
-   value.
-
-   Applications that use the functions DH_generate_key() to generate an
-   X9.42 DH key may experience long delays. Likewise, applications that use
-   DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
-   to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
-   Where the key or parameters that are being checked have been obtained from
-   an untrusted source this may lead to a Denial of Service.
-
-   ([CVE-2023-5678])
-
-   *Richard Levitte*
-
 ### Changes between 3.1.3 and 3.1.4 [24 Oct 2023]
 
  * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
@@ -20374,6 +20392,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
diff --git a/NEWS.md b/NEWS.md
index 24c8aaaaeb..73c6e7f4d7 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -22,12 +22,21 @@ OpenSSL 3.2
 
 ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development]
 
-  * Fixed Excessive time spent checking invalid RSA public keys
-    ([CVE-2023-6237])
+OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
 
+  * Fixed PKCS12 Decoding crashes
+    ([CVE-2024-0727])
+  * Fixed excessive time spent checking invalid RSA public keys
+    ([CVE-2023-6237])
   * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
     CPUs which support PowerISA 2.07
     ([CVE-2023-6129])
+  * Fixed excessive time spent in DH check / generation with large Q parameter
+    value
+    [(CVE-2023-5678)]
 
 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023]
 
@@ -116,11 +125,6 @@ tracker][issue tracker].
 OpenSSL 3.1
 -----------
 
-### Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [under development]
-
-  * Fix excessive time spent in DH check / generation with large Q parameter
-    value ([CVE-2023-5678])
-
 ### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
 
   * Mitigate incorrect resize handling for symmetric cipher keys and IVs.
@@ -1576,6 +1580,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
author	Matt Caswell <matt@openssl.org>	2024-01-29 16:19:24 +0000
committer	Matt Caswell <matt@openssl.org>	2024-01-30 12:53:15 +0000
commit	d2103cdf6184a1ecd2c5363203770ecaf9efef24 (patch)
tree	0292e59023ebadf4099ca80d896375e372fa6f8d
parent	a4ea3dfc4d8e3023d30be881e983c5ca1027979d (diff)