NEWS: Insert list of fixed security advisories

author Andreas K. Hüttel <dilfridge@gentoo.org>

Thu, 22 Jan 2026 21:00:10 +0000 (22:00 +0100)

committer Andreas K. Hüttel <dilfridge@gentoo.org>

Thu, 22 Jan 2026 21:00:10 +0000 (22:00 +0100)
author Andreas K. Hüttel <dilfridge@gentoo.org>
Thu, 22 Jan 2026 21:00:10 +0000 (22:00 +0100)
committer Andreas K. Hüttel <dilfridge@gentoo.org>
Thu, 22 Jan 2026 21:00:10 +0000 (22:00 +0100)
diff --git a/NEWS b/NEWS

index ddc8e81b707f6fe2d3bc73605667f3d8e1d3141f..e271fb2e4d76903c77a302aaec1ca22ce31027d0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -131,8 +131,17 @@ Security related changes:
  The following CVEs were fixed in this release, details of which can be
  found in the advisories directory of the release tarball:
  
-  [The release manager will add the list generated by
-  scripts/process-advisories.sh just before the release.]
+  GLIBC-SA-2026-0001:
+    Integer overflow in memalign leads to heap corruption
+    (CVE-2026-0861)
+
+  GLIBC-SA-2026-0002:
+    getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
+    (CVE-2026-0915)
+
+  GLIBC-SA-2026-0003:
+    wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized
+    memory (CVE-2025-15281)
  
  The following bugs were resolved with this release:
author	Andreas K. Hüttel <dilfridge@gentoo.org>
	Thu, 22 Jan 2026 21:00:10 +0000 (22:00 +0100)
committer	Andreas K. Hüttel <dilfridge@gentoo.org>
	Thu, 22 Jan 2026 21:00:10 +0000 (22:00 +0100)