NEWS: Add entry for CVE-2021-27645

author DJ Delorie <dj@redhat.com>

Wed, 3 Mar 2021 19:52:57 +0000 (14:52 -0500)

committer DJ Delorie <dj@redhat.com>

Tue, 9 Mar 2021 19:34:50 +0000 (14:34 -0500)
author DJ Delorie <dj@redhat.com>
Wed, 3 Mar 2021 19:52:57 +0000 (14:52 -0500)
committer DJ Delorie <dj@redhat.com>
Tue, 9 Mar 2021 19:34:50 +0000 (14:34 -0500)
diff --git a/NEWS b/NEWS

index 73a1a0df972659a22120e60daff24e45a7e7b065..aa0f10a891f8f9b4e6f0f6d25b6a307898c07d82 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -31,7 +31,10 @@ Changes to build and runtime requirements:
  
  Security related changes:
  
-  [Add security related changes here]
+  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+  a request for netgroup lookup, may crash due to a double-free,
+  potentially resulting in degraded service or Denial of Service on the
+  local system.  Reported by Chris Schanzle.
  
  The following bugs are resolved with this release:
author	DJ Delorie <dj@redhat.com>
	Wed, 3 Mar 2021 19:52:57 +0000 (14:52 -0500)
committer	DJ Delorie <dj@redhat.com>
	Tue, 9 Mar 2021 19:34:50 +0000 (14:34 -0500)