Update news for 1.11.27 release1.11.27

author: Jack Lloyd <[email protected]> 2016-02-01 11:20:24 -0500
committer: Jack Lloyd <[email protected]> 2016-02-01 12:17:51 -0500
commit: fb22198b9add1f1d46d6b05cc8626b7a8d8ff9c6 (patch)
tree: f663c163bcbdb05e783d75f6ebcc07ff8a452ec6 /doc/news.rst
parent: bd2f3df2316b4f99143ef244d847c72101e6b7ab (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 2effcf0fd..b2757a2a8 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -1,9 +1,21 @@
 Release Notes
 ========================================
 
-Version 1.11.27, Not Yet Released
+Version 1.11.27, 2016-02-01
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* SECURITY: Avoid heap overflow in ECC point decoding. This could
+  likely result in remote code execution. CVE-2016-2195
+
+* SECURITY: Avoid one word heap overflow in P-521 reduction function.
+  This could potentially lead to remote code execution or other
+  attack. CVE-2016-2196.
+
+* SECURITY: Avoid infinite or near-infinite loop during modular square
+  root algorithm with invalid inputs. CVE-2016-2194
+
+* Add Blake2b hash function. GH #413
+
 * Use m_ prefix on all member variables. GH #398 and #407
 
 * Use final qualifier on many classes. GH #408
author	Jack Lloyd <[email protected]>	2016-02-01 11:20:24 -0500
committer	Jack Lloyd <[email protected]>	2016-02-01 12:17:51 -0500
commit	fb22198b9add1f1d46d6b05cc8626b7a8d8ff9c6 (patch)
tree	f663c163bcbdb05e783d75f6ebcc07ff8a452ec6 /doc/news.rst
parent	bd2f3df2316b4f99143ef244d847c72101e6b7ab (diff)