Fix NEWS for 5.6.0 and 5.6.1.

author Lasse Collin <lasse.collin@tukaani.org>

Mon, 8 Apr 2024 16:28:35 +0000 (19:28 +0300)

committer Lasse Collin <lasse.collin@tukaani.org>

Tue, 9 Apr 2024 15:22:27 +0000 (18:22 +0300)
author Lasse Collin <lasse.collin@tukaani.org>
Mon, 8 Apr 2024 16:28:35 +0000 (19:28 +0300)
committer Lasse Collin <lasse.collin@tukaani.org>
Tue, 9 Apr 2024 15:22:27 +0000 (18:22 +0300)
diff --git a/NEWS b/NEWS

index e6a965adb9ac8e2675c4b35f22c3cebf83946639..3913c252f1139006042ca638c089a8d80b7ad085 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ XZ Utils Release Notes
  
  5.6.1 (2024-03-09)
  
+    IMPORTANT: This fixed bugs in the backdoor (CVE-2024-3094) (someone
+    had forgot to run Valgrind).
+
      * liblzma: Fixed two bugs relating to GNU indirect function (IFUNC)
        with GCC. The more serious bug caused a program linked with
        liblzma to crash on start up if the flag -fprofile-generate was
@@ -30,6 +33,9 @@ XZ Utils Release Notes
  
  5.6.0 (2024-02-24)
  
+    IMPORTANT: This added a backdoor (CVE-2024-3094). It's enabled only
+    in the release tarballs.
+
      This bumps the minor version of liblzma because new features were
      added. The API and ABI are still backward compatible with liblzma
      5.4.x and 5.2.x and 5.0.x.
author	Lasse Collin <lasse.collin@tukaani.org>
	Mon, 8 Apr 2024 16:28:35 +0000 (19:28 +0300)
committer	Lasse Collin <lasse.collin@tukaani.org>
	Tue, 9 Apr 2024 15:22:27 +0000 (18:22 +0300)