Update for 2.6.0 release2.6.0

2 files changed, 10 insertions, 4 deletions

diff --git a/news.rst b/news.rst
index 73f691462..29eae9cff 100644
--- a/news.rst
+++ b/news.rst
@@ -1,9 +1,15 @@
 Release Notes
 ========================================
 
-Version 2.6.0, Not Yet Released
+Version 2.6.0, 2018-04-10
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could
+  for a malformed ciphertext cause the decryptor to read and HMAC an
+  additional 64K bytes of data which is not part of the record. This
+  could cause a crash if the read went into unmapped memory. No
+  information leak or out of bounds write occurs.
+
 * Add support for OAEP labels (GH #1508)
 
 * RSA signing is about 15% faster (GH #1523) and RSA verification is
diff --git a/readme.rst b/readme.rst
index 3357c3a67..e4189dacf 100644
--- a/readme.rst
+++ b/readme.rst
@@ -105,9 +105,9 @@ MSVC 2015/2017 are regularly tested. New releases of Botan 2 are made on a
 quarterly basis.
 
 The latest 2.x release is
-`2.5.0 <https://botan.randombit.net/releases/Botan-2.5.0.tgz>`_
-`(sig) <https://botan.randombit.net/releases/Botan-2.5.0.tgz.asc>`_
-released on 2018-04-02
+`2.6.0 <https://botan.randombit.net/releases/Botan-2.6.0.tgz>`_
+`(sig) <https://botan.randombit.net/releases/Botan-2.6.0.tgz.asc>`_
+released on 2018-04-10
 
 Old Release
 ----------------------------------------