path: root/doc/news.rst
author Jack Lloyd <[email protected]> 2016-02-03 03:27:40 -0500
committer Jack Lloyd <[email protected]> 2016-02-03 03:27:40 -0500
commit 8a84d370550508349d1f872195dedd09236e37b1
tree ab78edf0ce7d8b3665f8117fa2e53714686320cd /doc/news.rst
parent 87a59dd0ea8a783540d30bb697b4c86d9b66f7ee
Add info for 1.10.12 release
[ci skip]
Diffstat (limited to 'doc/news.rst')
-rw-r--r-- doc/news.rst 25
1 file changed, 25 insertions, 0 deletions
diff --git a/doc/news.rst b/doc/news.rst
index f4d7b83e2..60fd2e4b2 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -1,6 +1,31 @@
Release Notes
========================================
+Version 1.10.12, 2016-02-03
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* In 1.10.11, the check in PointGFp intended to check the affine y
+ argument actually checked the affine x again. Reported by Remi Gacogne
+
+ The CVE-2016-2195 overflow is not exploitable in 1.10.11 due to an
+ additional check in the multiplication function itself which was
+ also added in that release, so there are no security implications
+ from the missed check. However to avoid confusion the change was
+ pushed in a new release immediately.
+
+ The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915
+
+Version 1.10.11, 2016-02-01
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Resolve heap overflow in ECC point decoding. CVE-2016-2195
+
+* Resolve infinite loop in modular square root algorithm.
+ CVE-2016-2194
+
+* Correct BigInt::to_u32bit to not fail on integers of exactly 32 bits.
+ GH #239
+
Version 1.11.28, 2016-02-01
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
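Review bot: The 1.10.12 entry says only "the check in PointGFp" without naming the function or constructor that validates the affine x and y arguments, so someone auditing a vendored or patched copy cannot tell from the notes which code to compare; name it in the first sentence of the bullet. The same bullet mentions CVE-2016-2195 only in its second paragraph, and the closing correction (2195 versus 2915) refers to wording that the 1.10.11 entry added in this same hunk does not show, since that entry already carries CVE-2016-2195; saying that the wrong number appeared in the 1.10.11 notes as first published would make the correction make sense to a reader of this file. Minor: "Reported by Remi Gacogne" and the correction line are missing their final periods, and "However" wants a comma after it.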