NEWS: Mention CVE-2020-29562 (BZ #26923)

author Siddhesh Poyarekar <siddhesh@sourceware.org>

Mon, 7 Dec 2020 16:59:18 +0000 (22:29 +0530)

committer Dmitry V. Levin <ldv@altlinux.org>

Tue, 4 Oct 2022 08:00:00 +0000 (08:00 +0000)
author Siddhesh Poyarekar <siddhesh@sourceware.org>
Mon, 7 Dec 2020 16:59:18 +0000 (22:29 +0530)
committer Dmitry V. Levin <ldv@altlinux.org>
Tue, 4 Oct 2022 08:00:00 +0000 (08:00 +0000)
diff --git a/NEWS b/NEWS

index 3e28b3902e1797fce81ab4e0e9237b8406900c89..f087aff61eaf7b615973e8cca98ac1e19220cedc 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,9 @@ Security related changes:
    CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
    invoked with EUC-KR input containing invalid multibyte input sequences.
  
+  CVE-2020-29562: An assertion failure has been fixed in the iconv function
+  when invoked with UCS4 input containing an invalid character.
+
    CVE-2020-27618: An infinite loop has been fixed in the iconv program when
    invoked with input containing redundant shift sequences in the IBM1364,
    IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
author	Siddhesh Poyarekar <siddhesh@sourceware.org>
	Mon, 7 Dec 2020 16:59:18 +0000 (22:29 +0530)
committer	Dmitry V. Levin <ldv@altlinux.org>
	Tue, 4 Oct 2022 08:00:00 +0000 (08:00 +0000)