Add relnotes and CVE

author: Jack Lloyd <[email protected]> 2017-03-24 10:58:30 -0400
committer: Jack Lloyd <[email protected]> 2017-03-24 10:58:30 -0400
commit: fcb23077fbd06db5d49be2f67e9c4aa31d8af359 (patch)
tree: 158b3e1bf73b049fa6f974f7d8e7bee08e87d18a /news.rst
parent: c0901e801d72bb2fdf3a205f6debf5ed954567f8 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/news.rst b/news.rst
index 4cf206670..fc98e79d8 100644
--- a/news.rst
+++ b/news.rst
@@ -4,6 +4,10 @@ Release Notes
 Version 2.1.0, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
+* Fix incorrect truncation in Bcrypt. Passwords in length between 56
+  and 72 characters were truncated at 56 characters. Found and
+  reported by Solar Designer. (CVE-2017-7252)
+
 * Support a 0-length IV in ChaCha stream cipher. Such an IV is treated
   identically to an 8-byte IV of all zeros.
author	Jack Lloyd <[email protected]>	2017-03-24 10:58:30 -0400
committer	Jack Lloyd <[email protected]>	2017-03-24 10:58:30 -0400
commit	fcb23077fbd06db5d49be2f67e9c4aa31d8af359 (patch)
tree	158b3e1bf73b049fa6f974f7d8e7bee08e87d18a /news.rst
parent	c0901e801d72bb2fdf3a205f6debf5ed954567f8 (diff)