Add NEWS entry for CVE-2020-29562 (BZ #26923)

author Siddhesh Poyarekar <siddhesh@sourceware.org>

Mon, 7 Dec 2020 16:59:18 +0000 (22:29 +0530)

committer Dmitry V. Levin <ldv@altlinux.org>

Sun, 3 Jan 2021 12:21:12 +0000 (12:21 +0000)
author Siddhesh Poyarekar <siddhesh@sourceware.org>
Mon, 7 Dec 2020 16:59:18 +0000 (22:29 +0530)
committer Dmitry V. Levin <ldv@altlinux.org>
Sun, 3 Jan 2021 12:21:12 +0000 (12:21 +0000)
diff --git a/NEWS b/NEWS

index 4482f95b949f6920238c6d85a50f8be2581811a2..f591f150d36ee6b52cb45d50c79c1a838dcddf6f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -96,6 +96,9 @@ Security related changes:
    invoked with input containing redundant shift sequences in the IBM1364,
    IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
  
+  CVE-2020-29562: An assertion failure has been fixed in the iconv function
+  when invoked with UCS4 input containing an invalid character.
+
  The following bugs are resolved with this release:
  
    [6889] 'PWD' mentioned but not specified
author	Siddhesh Poyarekar <siddhesh@sourceware.org>
	Mon, 7 Dec 2020 16:59:18 +0000 (22:29 +0530)
committer	Dmitry V. Levin <ldv@altlinux.org>
	Sun, 3 Jan 2021 12:21:12 +0000 (12:21 +0000)