Add NEWS entry for CVE-2020-1752 (bug 25414)

author Aurelien Jarno <aurelien@aurel32.net>

Thu, 19 Mar 2020 21:53:00 +0000 (22:53 +0100)

committer Aurelien Jarno <aurelien@aurel32.net>

Thu, 19 Mar 2020 21:53:00 +0000 (22:53 +0100)
author Aurelien Jarno <aurelien@aurel32.net>
Thu, 19 Mar 2020 21:53:00 +0000 (22:53 +0100)
committer Aurelien Jarno <aurelien@aurel32.net>
Thu, 19 Mar 2020 21:53:00 +0000 (22:53 +0100)
diff --git a/NEWS b/NEWS

index e0379fc53c1bf3407f315d06b8c5d87cbb9d066d..68a408a3bc64f0ba4a2bb4b58dfa5cf2693a4d32 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ Security related changes:
    corruption when they were passed a pseudo-zero argument.  Reported by Guido
    Vranken / ForAllSecure Mayhem.
  
+  CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
  The following bugs are resolved with this release:
  
    [The release manager will add the list generated by
author	Aurelien Jarno <aurelien@aurel32.net>
	Thu, 19 Mar 2020 21:53:00 +0000 (22:53 +0100)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Thu, 19 Mar 2020 21:53:00 +0000 (22:53 +0100)