Update CHANGES and NEWS for upcoming release 3.0.5

Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes
author: Richard Levitte <levitte@openssl.org> 2022-07-05 10:24:48 +0200
committer: Richard Levitte <levitte@openssl.org> 2022-07-05 10:24:48 +0200
commit: 6677e4519d09ce49e83217fa1f685e592d1648f3 (patch)
tree: 8a71b8e50679c658602d130dd22fb5f14be3292f /NEWS.md
parent: 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index 622449ff6d..ba510bdd56 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,7 +20,11 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [under development]
 
-  * none
+  * Fixed heap memory corruption with RSA private key operation
+    ([CVE-2022-2274])
+  * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+    ([CVE-2022-2097])
+
 
 ### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
 
@@ -1404,6 +1408,8 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
+[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
 [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
 [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
author	Richard Levitte <levitte@openssl.org>	2022-07-05 10:24:48 +0200
committer	Richard Levitte <levitte@openssl.org>	2022-07-05 10:24:48 +0200
commit	6677e4519d09ce49e83217fa1f685e592d1648f3 (patch)
tree	8a71b8e50679c658602d130dd22fb5f14be3292f /NEWS.md
parent	52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 (diff)