From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Fri, 8 Jan 2021 03:47:06 +0000 (+0530)
Subject: NEWS: Mention CVE-2019-25013
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=b2229db87d686c37839176bddcfbfe98a7376fd7;p=thirdparty%2Fglibc.git

NEWS: Mention CVE-2019-25013

(cherry picked from commit 18b640c57094236e6c991ba16f87467085a1d55a)
---

diff --git a/NEWS b/NEWS
index cf8c54f6819..e92ecf66c8b 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ Version 2.32.1
 
 Security related changes:
 
+  CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
+  invoked with EUC-KR input containing invalid multibyte input sequences.
+
   CVE-2020-27618: An infinite loop has been fixed in the iconv program when
   invoked with input containing redundant shift sequences in the IBM1364,
   IBM1371, IBM1388, IBM1390, or IBM1399 character sets.