From 8fb94f88249508cdc9addd01ca6124d3d8b94d69 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Thu, 30 Jul 2020 10:07:33 +0200
Subject: Add NEWS entry for CVE-2016-10228 (bug 19519)

(cherry picked from commit 17a0126abf02955cabf6256c67f8f9462a64163f)
---
 NEWS | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/NEWS b/NEWS
index b0ef9dc65a..9d13f62582 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,10 @@ Deprecated and removed features, and other changes affecting compatibility:
 
 Security related changes:
 
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
   CVE-2017-18269: An SSE2-based memmove implementation for the i386
   architecture could corrupt memory.  Reported by Max Horn.
 
-- 
cgit 1.4.1