Add CHANGES.md and NEWS.md entries for CVE-2023-2975

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21384) (cherry picked from commit 1e398bec538978b9957e69bf9e12b3c626290bea)
author: Tomas Mraz <tomas@openssl.org> 2023-07-07 09:54:18 +0200
committer: Tomas Mraz <tomas@openssl.org> 2023-07-14 13:05:17 +0200
commit: aff80b19e03486ef1b55cbc3af3488d5a67973f6 (patch)
tree: 45b29259dac812ccb08bb2dbc75203ed28833550 /NEWS.md
parent: 96318a8d21bed334d78797eca5b32790775d5f05 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index 508d1a9f1d..55e42ff022 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,7 +20,7 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [under development]
 
-  * none
+  * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
 
 ### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
 
@@ -1446,6 +1446,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
author	Tomas Mraz <tomas@openssl.org>	2023-07-07 09:54:18 +0200
committer	Tomas Mraz <tomas@openssl.org>	2023-07-14 13:05:17 +0200
commit	aff80b19e03486ef1b55cbc3af3488d5a67973f6 (patch)
tree	45b29259dac812ccb08bb2dbc75203ed28833550 /NEWS.md
parent	96318a8d21bed334d78797eca5b32790775d5f05 (diff)