Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/7664)
author: Matt Caswell <matt@openssl.org> 2018-11-20 10:52:53 +0000
committer: Matt Caswell <matt@openssl.org> 2018-11-20 11:54:46 +0000
commit: d90d8537959683d6bc25636120b885f27bbce060 (patch)
tree: bf1baead22bb407f39baa7cc77bcc6593ff88c27 /CHANGES
parent: cc330c704d961e51eae561a4dff425965c656914 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index cf4587531f..aafc2620bb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,26 @@
 
  Changes between 1.1.1 and 1.1.1a [xx XXX xxxx]
 
+  *) Timing vulnerability in DSA signature generation
+
+     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+     (CVE-2018-0734)
+     [Paul Dale]
+
+  *) Timing vulnerability in ECDSA signature generation
+
+     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+     (CVE-2018-0735)
+     [Paul Dale]
+
   *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
      the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
      are retained for backwards compatibility.
author	Matt Caswell <matt@openssl.org>	2018-11-20 10:52:53 +0000
committer	Matt Caswell <matt@openssl.org>	2018-11-20 11:54:46 +0000
commit	d90d8537959683d6bc25636120b885f27bbce060 (patch)
tree	bf1baead22bb407f39baa7cc77bcc6593ff88c27 /CHANGES
parent	cc330c704d961e51eae561a4dff425965c656914 (diff)