doc: add NEWS entry about CVE-2020-27827

author Vincent Bernat <vincent@bernat.ch>

Wed, 13 Jan 2021 17:42:19 +0000 (18:42 +0100)

committer Vincent Bernat <vincent@bernat.ch>

Wed, 13 Jan 2021 17:42:19 +0000 (18:42 +0100)
author Vincent Bernat <vincent@bernat.ch>
Wed, 13 Jan 2021 17:42:19 +0000 (18:42 +0100)
committer Vincent Bernat <vincent@bernat.ch>
Wed, 13 Jan 2021 17:42:19 +0000 (18:42 +0100)
diff --git a/NEWS b/NEWS

index d6c33575c31549ec6521891a07b1a375e7d402d8..18b059ff7498c562ceda81bd7b72b878a74e6f06 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ lldpd (1.0.8)
    * Fix:
      + Out-of-bound read access when parsing LLDP-MED civic address in
        liblldpctl for malformed fields.
+    + Fix memory leak when receiving LLDPU with duplicate fields.
+      CVE-2020-27827.
    * Changes:
      + Enable "router" capability bit when IPv6 routing is enabled.
author	Vincent Bernat <vincent@bernat.ch>
	Wed, 13 Jan 2021 17:42:19 +0000 (18:42 +0100)
committer	Vincent Bernat <vincent@bernat.ch>
	Wed, 13 Jan 2021 17:42:19 +0000 (18:42 +0100)