Update NEWS to add CVE-2017-15804 entry

author Aurelien Jarno <aurelien@aurel32.net>

Fri, 1 Dec 2017 20:53:51 +0000 (21:53 +0100)

committer Aurelien Jarno <aurelien@aurel32.net>

Fri, 1 Dec 2017 20:56:32 +0000 (21:56 +0100)
author Aurelien Jarno <aurelien@aurel32.net>
Fri, 1 Dec 2017 20:53:51 +0000 (21:53 +0100)
committer Aurelien Jarno <aurelien@aurel32.net>
Fri, 1 Dec 2017 20:56:32 +0000 (21:56 +0100)
diff --git a/NEWS b/NEWS

index 7d3a326d88ee9aced97689b7ec07940e4df91c93..61bffe0451da72746b2055f1ef97f67b6a2dcc2e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -35,8 +35,8 @@ Security related changes:
    processing, leading to a memory leak and, potentially, to a denial
    of service.
  
-  The glob function, when invoked with GLOB_TILDE and without
-  GLOB_NOESCAPE, could write past the end of a buffer while
+  CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
+  without GLOB_NOESCAPE, could write past the end of a buffer while
    unescaping user names.  Reported by Tim Rühsen.
  
  The following bugs are resolved with this release:
author	Aurelien Jarno <aurelien@aurel32.net>
	Fri, 1 Dec 2017 20:53:51 +0000 (21:53 +0100)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Fri, 1 Dec 2017 20:56:32 +0000 (21:56 +0100)