Add NEWS entry for CVE-2016-10228 (bug 19519)

(cherry picked from commit 17a0126abf02955cabf6256c67f8f9462a64163f)
author: Aurelien Jarno <aurelien@aurel32.net> 2020-07-30 10:07:33 +0200
committer: Dmitry V. Levin <ldv@altlinux.org> 2020-11-30 22:59:53 +0000
commit: 8fb94f88249508cdc9addd01ca6124d3d8b94d69 (patch)
tree: af3490286fb287e73ab3778837d0d31e1460ff73
parent: ec51be40c787782ceac65a33dc163c8b61bc54d1 (diff)
download: glibc-8fb94f88249508cdc9addd01ca6124d3d8b94d69.tar.gz
glibc-8fb94f88249508cdc9addd01ca6124d3d8b94d69.tar.xz
glibc-8fb94f88249508cdc9addd01ca6124d3d8b94d69.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b0ef9dc65a..9d13f62582 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,10 @@ Deprecated and removed features, and other changes affecting compatibility:
 
 Security related changes:
 
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
   CVE-2017-18269: An SSE2-based memmove implementation for the i386
   architecture could corrupt memory.  Reported by Max Horn.
author	Aurelien Jarno <aurelien@aurel32.net>	2020-07-30 10:07:33 +0200
committer	Dmitry V. Levin <ldv@altlinux.org>	2020-11-30 22:59:53 +0000
commit	8fb94f88249508cdc9addd01ca6124d3d8b94d69 (patch)
tree	af3490286fb287e73ab3778837d0d31e1460ff73
parent	ec51be40c787782ceac65a33dc163c8b61bc54d1 (diff)
download	glibc-8fb94f88249508cdc9addd01ca6124d3d8b94d69.tar.gz glibc-8fb94f88249508cdc9addd01ca6124d3d8b94d69.tar.xz glibc-8fb94f88249508cdc9addd01ca6124d3d8b94d69.zip