Update CHANGES and NEWS for upcoming release 1.1.1q

Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes

2 files changed, 12 insertions, 2 deletions

diff --git a/CHANGES b/CHANGES
index b72c71d26b..62a555762d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,16 @@
 
  Changes between 1.1.1p and 1.1.1q [xx XXX xxxx]
 
-  *)
+  *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+     implementation would not encrypt the entirety of the data under some
+     circumstances.  This could reveal sixteen bytes of data that was
+     preexisting in the memory that wasn't written.  In the special case of
+     "in place" encryption, sixteen bytes of the plaintext would be revealed.
+
+     Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+     they are both unaffected.
+     (CVE-2022-2097)
+     [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
 
  Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
 
diff --git a/NEWS b/NEWS
index d0c810f52f..892793313f 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,8 @@
 
   Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [under development]
 
-      o
+      o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+        (CVE-2022-2097)
 
   Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]