add CVE-2016-2776

(cherry picked from commit d4c8a622c0806b332880d7a9db69cf48a5260901)

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 325816ca7db83dcf1b8754a090cab502ef715540..2fb8874543e2830cdaaca97dd2ccecf68a62c811 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -76,6 +76,16 @@
        </para>
       </listitem>
     </itemizedlist>
+
+    <itemizedlist>
+      <listitem>
+       <para>
+         It was possible to trigger a assertion when rendering a
+         message using a specially crafted request. This flaw is
+         disclosed in CVE-2016-2776. [RT #43139]
+       </para>
+      </listitem>
+    </itemizedlist>
   </section>
 
   <section xml:id="relnotes_features"><info><title>New Features</title></info>