Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug

Related to CVE-2024-2511 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24043)
author: Matt Caswell <matt@openssl.org> 2024-03-05 16:01:20 +0000
committer: Tomas Mraz <tomas@openssl.org> 2024-04-08 12:08:19 +0200
commit: b7acb6731a96b073d6150465bd090e2052a595c2 (patch)
tree: 2227a5f34a09d5b338fde8d2f4fd2bf39a4ed69e /NEWS.md
parent: e9d7083e241670332e0443da0f0d4ffb52829f08 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index 7abf34d956..4ee9399b85 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -22,7 +22,13 @@ OpenSSL 3.2
 
 ### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development]
 
-  * none
+OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed unbounded memory growth with session handling in TLSv1.3
+    ([CVE-2024-2511])
 
 ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024]
 
@@ -1587,6 +1593,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
author	Matt Caswell <matt@openssl.org>	2024-03-05 16:01:20 +0000
committer	Tomas Mraz <tomas@openssl.org>	2024-04-08 12:08:19 +0200
commit	b7acb6731a96b073d6150465bd090e2052a595c2 (patch)
tree	2227a5f34a09d5b338fde8d2f4fd2bf39a4ed69e /NEWS.md
parent	e9d7083e241670332e0443da0f0d4ffb52829f08 (diff)