Add NEWS entry for CVE-2016-10228 (bug 19519)

author Aurelien Jarno <aurelien@aurel32.net>

Thu, 30 Jul 2020 08:07:33 +0000 (10:07 +0200)

committer Dmitry V. Levin <ldv@altlinux.org>

Mon, 30 Nov 2020 22:59:53 +0000 (22:59 +0000)
author Aurelien Jarno <aurelien@aurel32.net>
Thu, 30 Jul 2020 08:07:33 +0000 (10:07 +0200)
committer Dmitry V. Levin <ldv@altlinux.org>
Mon, 30 Nov 2020 22:59:53 +0000 (22:59 +0000)
diff --git a/NEWS b/NEWS

index b0ef9dc65a3eef91f61823d64590aa66525ad506..9d13f62582ac1155346b2ebed48a774fba8aeac4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,10 @@ Deprecated and removed features, and other changes affecting compatibility:
  
  Security related changes:
  
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
    CVE-2017-18269: An SSE2-based memmove implementation for the i386
    architecture could corrupt memory.  Reported by Max Horn.
author	Aurelien Jarno <aurelien@aurel32.net>
	Thu, 30 Jul 2020 08:07:33 +0000 (10:07 +0200)
committer	Dmitry V. Levin <ldv@altlinux.org>
	Mon, 30 Nov 2020 22:59:53 +0000 (22:59 +0000)