Update NEWS

author Miroslav Lichvar <mlichvar@redhat.com>

Wed, 31 Jul 2013 13:04:12 +0000 (15:04 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Thu, 8 Aug 2013 13:58:07 +0000 (15:58 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Wed, 31 Jul 2013 13:04:12 +0000 (15:04 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Thu, 8 Aug 2013 13:58:07 +0000 (15:58 +0200)
diff --git a/NEWS b/NEWS

index cdb393464425256bb522572022eea907d7004882..8cc9061cb12903eb245d84d475335aace05b5c54 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,17 @@
+New in version 1.29
+===================
+
+Security fixes
+--------------
+* Fix crash when processing crafted commands (CVE-2012-4502)
+  (possible with IP addresses allowed by cmdallow and localhost)
+* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES
+  replies (CVE-2012-4503) (not used by chronyc)
+
+Other changes
+-------------
+* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
+
  New in version 1.28
  ===================
author	Miroslav Lichvar <mlichvar@redhat.com>
	Wed, 31 Jul 2013 13:04:12 +0000 (15:04 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Thu, 8 Aug 2013 13:58:07 +0000 (15:58 +0200)