Update CHANGES.md and NEWS.md for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit cf889ec8d9e9bb89f012b4e610c702e2656674fd)

2 files changed, 48 insertions, 3 deletions

diff --git a/CHANGES.md b/CHANGES.md
index f4a9340d73..6e5acb8a25 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -38,8 +38,35 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 ### Changes between 3.0.6 and 3.0.7 [xx XXX xxxx]
 
- * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters
-   in OpenSSL code.
+ * Fixed two buffer overflows in punycode decoding functions.
+
+   A buffer overrun can be triggered in X.509 certificate verification,
+   specifically in name constraint checking. Note that this occurs after
+   certificate chain signature verification and requires either a CA to
+   have signed the malicious certificate or for the application to continue
+   certificate verification despite failure to construct a path to a trusted
+   issuer.
+
+   In a TLS client, this can be triggered by connecting to a malicious
+   server.  In a TLS server, this can be triggered if the server requests
+   client authentication and a malicious client connects.
+
+   An attacker can craft a malicious email address to overflow
+   an arbitrary number of bytes containing the `.`  character (decimal 46)
+   on the stack.  This buffer overflow could result in a crash (causing a
+   denial of service).
+   ([CVE-2022-3786])
+
+   An attacker can craft a malicious email address to overflow four
+   attacker-controlled bytes on the stack.  This buffer overflow could
+   result in a crash (causing a denial of service) or potentially remote code
+   execution depending on stack layout for any given platform/compiler.
+   ([CVE-2022-3602])
+
+   *Paul Dale*
+
+ * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
+   parameters in OpenSSL code.
    Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
    OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
    Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
@@ -48,10 +75,25 @@ breaking changes, and mappings for the large list of deprecated functions.
 
    *Shane Lontis*
 
+ * Fixed a regression introduced in 3.0.6 version raising errors on some stack
+   operations.
+
+   *Tomáš Mráz*
+
+ * Fixed a regression introduced in 3.0.6 version not refreshing the certificate
+   data to be signed before signing the certificate.
+
+   *Gibeom Gwon*
+
  * Added RIPEMD160 to the default provider.
 
    *Paul Dale*
 
+ * Ensured that the key share group sent or accepted for the key exchange
+   is allowed for the protocol version.
+
+   *Matt Caswell*
+
 ### Changes between 3.0.5 and 3.0.6 [11 Oct 2022]
 
  * OpenSSL supports creating a custom cipher via the legacy
diff --git a/NEWS.md b/NEWS.md
index 77aed3c620..5866d07cc4 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -21,7 +21,10 @@ OpenSSL 3.1
 
 ### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [under development]
 
-  * none
+  * Added RIPEMD160 to the default provider.
+  * Fixed regressions introduced in 3.0.6 version.
+  * Fixed two buffer overflows in punycode decoding functions.
+    ([CVE-2022-3786]) and ([CVE-2022-3602])
 
 OpenSSL 3.0
 -----------