From: Aurelien Jarno <aurelien@aurel32.net>
Date: Thu, 30 Jul 2020 08:07:33 +0000 (+0200)
Subject: Add NEWS entry for CVE-2016-10228 (bug 19519)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fb94f88249508cdc9addd01ca6124d3d8b94d69;p=thirdparty%2Fglibc.git

Add NEWS entry for CVE-2016-10228 (bug 19519)

(cherry picked from commit 17a0126abf02955cabf6256c67f8f9462a64163f)
---

diff --git a/NEWS b/NEWS
index b0ef9dc65a3..9d13f62582a 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,10 @@ Deprecated and removed features, and other changes affecting compatibility:
 
 Security related changes:
 
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
   CVE-2017-18269: An SSE2-based memmove implementation for the i386
   architecture could corrupt memory.  Reported by Max Horn.