From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 31 Jul 2013 13:04:12 +0000 (+0200)
Subject: Update NEWS
X-Git-Tag: 1.29^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5658f4d9c3d024fd93644f58fb0b47c7e0fa78e;p=thirdparty%2Fchrony.git

Update NEWS
---

diff --git a/NEWS b/NEWS
index cdb39346..8cc9061c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,17 @@
+New in version 1.29
+===================
+
+Security fixes
+--------------
+* Fix crash when processing crafted commands (CVE-2012-4502)
+  (possible with IP addresses allowed by cmdallow and localhost)
+* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES
+  replies (CVE-2012-4503) (not used by chronyc)
+
+Other changes
+-------------
+* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
+
 New in version 1.28
 ===================