git.ipfire.org Git - thirdparty/xz.git/commitdiff
NEWS: The security fix in 5.6.3 is known as CVE-2024-47611
author Lasse Collin <lasse.collin@tukaani.org>
Thu, 23 Jan 2025 09:40:46 +0000 (11:40 +0200)
committer Lasse Collin <lasse.collin@tukaani.org>
Thu, 23 Jan 2025 09:40:58 +0000 (11:40 +0200)
NEWS

diff --git a/NEWS b/NEWS
index 478b24b26e2a2f91dde42c27490c009a62739a2b..a5338ae23aa1b5bdb6cfa5a34539c42229e55d9f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,8 @@ XZ Utils Release Notes
 5.6.3 (2024-10-01)
 
     IMPORTANT: This includes a Windows-specific security fix to
-    the command line tools. liblzma isn't affected by this issue.
+    the command line tools (CVE-2024-47611). liblzma isn't affected
+    by this issue.
 
     * liblzma:
 
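Review bot: in the 5.6.3 summary paragraph the parenthetical "(CVE-2024-47611)" directly follows "the command line tools", so it can be read as qualifying the tools rather than the fix. Consider wording such as "a Windows-specific security fix (CVE-2024-47611) to the command line tools" so the identifier attaches to the fix itself.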
@@ -55,6 +56,7 @@ XZ Utils Release Notes
               which can be exploited with malicious filenames to do
               argument injection or directory traversal attacks.
               UTF-8 avoids best-fit mappings and thus fixes the issue.
+              (CVE-2024-47611)
 
               Forcing the process code page to UTF-8 is possible only
               on Windows 10 version 1903 and later. The command line
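Review bot: the added "(CVE-2024-47611)" line sits after the period of "thus fixes the issue." as a detached parenthetical, while the first hunk places the same identifier inline before the period. For consistency, consider folding it into the sentence, e.g. "UTF-8 avoids best-fit mappings and thus fixes the issue (CVE-2024-47611)." so the identifier is part of the statement it labels.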