Update news for 1.11.27 release1.11.27

3 files changed, 24 insertions, 10 deletions

diff --git a/doc/news.rst b/doc/news.rst
index 2effcf0fd..b2757a2a8 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -1,9 +1,21 @@
 Release Notes
 ========================================
 
-Version 1.11.27, Not Yet Released
+Version 1.11.27, 2016-02-01
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* SECURITY: Avoid heap overflow in ECC point decoding. This could
+  likely result in remote code execution. CVE-2016-2195
+
+* SECURITY: Avoid one word heap overflow in P-521 reduction function.
+  This could potentially lead to remote code execution or other
+  attack. CVE-2016-2196.
+
+* SECURITY: Avoid infinite or near-infinite loop during modular square
+  root algorithm with invalid inputs. CVE-2016-2194
+
+* Add Blake2b hash function. GH #413
+
 * Use m_ prefix on all member variables. GH #398 and #407
 
 * Use final qualifier on many classes. GH #408
diff --git a/doc/security.rst b/doc/security.rst
index 2552d6751..4f18381d6 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -19,12 +19,14 @@ Advisories
 2016
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* 2016-06-01 (CVE-2016-2196): Overwrite in P-521 reduction
+* 2016-02-01 (CVE-2016-2196): Overwrite in P-521 reduction
 
   The P-521 reduction function would overwrite zero to one word
   following the allocated block. This could potentially result
   in remote code execution or a crash. Found with AFL
 
+  Introduced in 1.11.10, fixed in 1.11.27
+
 * 2016-02-01 (CVE-2016-2195): Heap overflow on invalid ECC point
 
   The PointGFp constructor did not check that the affine coordinate
@@ -49,7 +51,7 @@ Advisories
 
   Found by Alex Gaynor fuzzing with AFL
 
-  Versions affected: all before 1.11.27 and 1.10.11
+  Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
 
 * 2016-02-01 (CVE-2016-2194): Infinite loop in modulur square root algorithm
 
@@ -60,7 +62,7 @@ Advisories
   This function is exposed to attacker controlled input via the OS2ECP
   function during ECC point decompression. Found by AFL
 
-  Versions affected: all before 1.11.27 and 1.10.11
+  Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
 
 2015
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/readme.rst b/readme.rst
index 5b121e101..0fce10b25 100644
--- a/readme.rst
+++ b/readme.rst
@@ -105,9 +105,9 @@ later, Clang 3.4 and later, and MSVC 2013 are regularly tested.
 A new development release is made on the first Monday of every month.
 
 The latest development release is
-`1.11.26 <http://botan.randombit.net/releases/Botan-1.11.26.tgz>`_
-`(sig) <http://botan.randombit.net/releases/Botan-1.11.26.tgz.asc>`_
-released on 2016-01-04
+`1.11.27 <http://botan.randombit.net/releases/Botan-1.11.27.tgz>`_
+`(sig) <http://botan.randombit.net/releases/Botan-1.11.27.tgz.asc>`_
+released on 2016-02-01
 
 Old Stable Series (1.10)
 ----------------------------------------
@@ -117,9 +117,9 @@ and is the most commonly packaged version. It is still supported for
 security patches, but all development efforts are focused on 1.11.
 
 The latest 1.10 release is
-`1.10.10 <http://botan.randombit.net/releases/Botan-1.10.10.tgz>`_
-`(sig) <http://botan.randombit.net/releases/Botan-1.10.10.tgz.asc>`_
-released on 2015-08-03
+`1.10.11 <http://botan.randombit.net/releases/Botan-1.10.11.tgz>`_
+`(sig) <http://botan.randombit.net/releases/Botan-1.10.11.tgz.asc>`_
+released on 2016-02-01
 
 Books and other resources
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^