From afb19f07aecc84998eeea56c4d65f5e0499abb5a Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 30 Jan 2024 16:51:52 +0000
Subject: Remove a CVE reference from CHANGES/NEWS

master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before
it was released.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23432)
---
 NEWS.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'NEWS.md')

diff --git a/NEWS.md b/NEWS.md
index b0514c65ce..a0748e6a39 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -43,9 +43,6 @@ This release incorporates the following bug fixes and mitigations:
   * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
     CPUs which support PowerISA 2.07
     ([CVE-2023-6129])
-  * Fixed excessive time spent in DH check / generation with large Q parameter
-    value
-    [(CVE-2023-5678)]
 
 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023]
 
@@ -121,6 +118,12 @@ This release incorporates the following documentation enhancements:
 
     See [OpenSSL Guide].
 
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed excessive time spent in DH check / generation with large Q parameter
+    value
+    ([CVE-2023-5678])
+
 A more detailed list of changes in this release can be found in the
 [CHANGES.md] file.
 
-- 
cgit v1.2.3