Updated CHANGES.md and NEWS.md for CVE-2023-0465

Also updated the entries for CVE-2023-0464 Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20586)
author: Matt Caswell <matt@openssl.org> 2023-03-23 15:31:25 +0000
committer: Tomas Mraz <tomas@openssl.org> 2023-03-28 13:45:14 +0200
commit: 07d8baf3367cbbf81877510e5102e6193da4bfe7 (patch)
tree: ce964d9b5021fad9e80c8da846658ec04030553c /NEWS.md
parent: e8c359e51ff3372a19a784a8c865f1472774f181 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index c243c5e681..23f918f604 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -21,7 +21,9 @@ OpenSSL 3.1
 
 ### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development]
 
-  * none
+  * Fixed handling of invalid certificate policies in leaf certificates
+    ([CVE-2023-0465])
+  * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
 
 ### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]
 
@@ -1446,6 +1448,8 @@ OpenSSL 0.9.x
   * Support for various new platforms
 
 <!-- Links -->
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
 [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
 [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
 [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
author	Matt Caswell <matt@openssl.org>	2023-03-23 15:31:25 +0000
committer	Tomas Mraz <tomas@openssl.org>	2023-03-28 13:45:14 +0200
commit	07d8baf3367cbbf81877510e5102e6193da4bfe7 (patch)
tree	ce964d9b5021fad9e80c8da846658ec04030553c /NEWS.md
parent	e8c359e51ff3372a19a784a8c865f1472774f181 (diff)