From: Andreas K. Hüttel <dilfridge@gentoo.org>
Date: Thu, 22 Jan 2026 21:00:10 +0000 (+0100)
Subject: NEWS: Insert list of fixed security advisories
X-Git-Tag: glibc-2.43~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf047617c000e0c2c8ae0d09da73048481d4c172;p=thirdparty%2Fglibc.git

NEWS: Insert list of fixed security advisories

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
---

diff --git a/NEWS b/NEWS
index ddc8e81b70..e271fb2e4d 100644
--- a/NEWS
+++ b/NEWS
@@ -131,8 +131,17 @@ Security related changes:
 The following CVEs were fixed in this release, details of which can be
 found in the advisories directory of the release tarball:
 
-  [The release manager will add the list generated by
-  scripts/process-advisories.sh just before the release.]
+  GLIBC-SA-2026-0001:
+    Integer overflow in memalign leads to heap corruption
+    (CVE-2026-0861)
+
+  GLIBC-SA-2026-0002:
+    getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler
+    (CVE-2026-0915)
+
+  GLIBC-SA-2026-0003:
+    wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized
+    memory (CVE-2025-15281)
 
 The following bugs were resolved with this release: