Add NEWS entry for CVE-2016-10228 (bug 19519)

author Aurelien Jarno <aurelien@aurel32.net>

Thu, 30 Jul 2020 08:07:33 +0000 (10:07 +0200)

committer Aurelien Jarno <aurelien@aurel32.net>

Mon, 3 Aug 2020 21:24:38 +0000 (23:24 +0200)
author Aurelien Jarno <aurelien@aurel32.net>
Thu, 30 Jul 2020 08:07:33 +0000 (10:07 +0200)
committer Aurelien Jarno <aurelien@aurel32.net>
Mon, 3 Aug 2020 21:24:38 +0000 (23:24 +0200)
diff --git a/NEWS b/NEWS

index 85f91b3ecb7ac3278a215639a8e62ae7a53ccde2..7454a4bfa077884a9d1fba8782b3989b081c6928 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -167,6 +167,10 @@ Changes to build and runtime requirements:
  
  Security related changes:
  
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
    CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
    corruption when they were passed a pseudo-zero argument.  Reported by Guido
    Vranken / ForAllSecure Mayhem.
author	Aurelien Jarno <aurelien@aurel32.net>
	Thu, 30 Jul 2020 08:07:33 +0000 (10:07 +0200)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Mon, 3 Aug 2020 21:24:38 +0000 (23:24 +0200)