Updated CHANGES.md and NEWS.md for CVE-2023-0465

Also updated the entries for CVE-2023-0464

Related-to: CVE-2023-0465

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20585)

1 files changed, 9 insertions, 1 deletions

diff --git a/NEWS.md b/NEWS.md
index fca7c57e5d..b1eaab4b8d 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -35,7 +35,13 @@ OpenSSL 3.2
 OpenSSL 3.1
 -----------
 
-### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [under development]
+### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development]
+
+  * Fixed handling of invalid certificate policies in leaf certificates
+    ([CVE-2023-0465])
+  * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
+
+### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]
 
   * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
   * Performance enhancements and new platform support including new
@@ -1458,6 +1464,8 @@ OpenSSL 0.9.x
   * Support for various new platforms
 
 <!-- Links -->
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
 [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
 [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
 [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217