about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS5
1 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index a0bf400923..cbac49229f 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,10 @@ Version 2.16.1
 * The following bugs are resolved with this release:
 
   6530, 14195, 14547, 14459, 14476, 14562, 14621, 14648, 14699, 14756, 14831,
-  15078, 15754, 15755, 16072, 17048, 17137, 17187, 17325.
+  15078, 15754, 15755, 16072, 16617, 17048, 17137, 17187, 17325.
+
+* CVE-2012-3406 printf-style functions could run into a stack overflow when
+  processing format strings with a large number of format specifiers.
 
 * CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
   copy the path argument.  This allowed programs to cause posix_spawn to
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-23 09:26:43 +0000