Add NEWS entry for CVE-2020-29562 (BZ #26923)

BZ #26923 now has a CVE entry, so add a NEWS entry for it.

(cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc)

diff --git a/NEWS b/NEWS
index de847c9ae52f626c66e66bc0eeb5bbd227fd81be..9e514f5af11f9325fddc5ff1bdebdbf67597a8dd 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -58,6 +58,9 @@ Security related changes:
   CVE-2020-27618: An infinite loop has been fixed in the iconv program when
   invoked with input containing redundant shift sequences in the IBM1364,
   IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
+
+  CVE-2020-29562: An assertion failure has been fixed in the iconv function
+  when invoked with UCS4 input containing an invalid character.
 \f
 Version 2.31