Update news

2 files changed, 9 insertions, 1 deletions

diff --git a/doc/security.rst b/doc/security.rst
index 151c279f6..a2dc6f248 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -21,7 +21,7 @@ Advisories
 2016
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* 2016-11-27 (CVE-2016-xxxx) Integer overflow in BER decoder
+* 2016-11-27 (CVE-2016-9132) Integer overflow in BER decoder
 
   While decoding BER length fields, an integer overflow could occur. This could
   occur while parsing untrusted inputs such as X.509 certificates. The overflow
diff --git a/news.rst b/news.rst
index a02ba7387..dee2add96 100644
--- a/news.rst
+++ b/news.rst
@@ -4,6 +4,10 @@ Release Notes
 Version 1.11.34, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* Fix integer overflow during BER decoding, found by Falko Strenzke.
+  This bug is not thought to be directly exploitable but upgrading ASAP
+  is advised. (CVE-2016-9132)
+
 * Add post-quantum signature scheme XMSS. Provides either 128 or 256 bit
   (post-quantum) security, with small public and private keys, fast
   verification, and reasonably small signatures (2500 bytes for 128-bit
@@ -17,6 +21,8 @@ Version 1.11.34, Not Yet Released
   ECDH and NewHope to provide post-quantum security. The ciphersuites are not
   IETF standard, but is compatible with BoringSSL. (GH #729)
 
+* Add support for client-side OCSP stapling to TLS. (GH #738)
+
 * Previously both public and private keys performed automatic self testing after
   generation or loading. However this often caused unexpected application
   performance problems, and so has been removed. Instead applications must call
@@ -100,6 +106,8 @@ Version 1.11.34, Not Yet Released
 * Allow a custom ECC curve to be specified at build time, for application or
   system specific curves. (GH #636 #710)
 
+* Use NOMINMAX on Windows to avoid problems in amalgamation build. (GH #740)
+
 * Add support to output bakefiles with new `configure.py` option `--with-bakefile`.
   (GH #360 #720)