Update CHANGES.md and NEWS.md for new release

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23421)

1 files changed, 12 insertions, 7 deletions

diff --git a/NEWS.md b/NEWS.md
index 351f21034a..b0514c65ce 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -31,12 +31,21 @@ OpenSSL 3.2
 
 ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development]
 
-  * Fixed Excessive time spent checking invalid RSA public keys
-    ([CVE-2023-6237])
+OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
 
+  * Fixed PKCS12 Decoding crashes
+    ([CVE-2024-0727])
+  * Fixed excessive time spent checking invalid RSA public keys
+    ([CVE-2023-6237])
   * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
     CPUs which support PowerISA 2.07
     ([CVE-2023-6129])
+  * Fixed excessive time spent in DH check / generation with large Q parameter
+    value
+    [(CVE-2023-5678)]
 
 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023]
 
@@ -125,11 +134,6 @@ tracker][issue tracker].
 OpenSSL 3.1
 -----------
 
-### Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [under development]
-
-  * Fix excessive time spent in DH check / generation with large Q parameter
-    value ([CVE-2023-5678])
-
 ### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
 
   * Mitigate incorrect resize handling for symmetric cipher keys and IVs.
@@ -1585,6 +1589,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678