Add NEWS entry for CVE-2016-10228 (bug 19519)gentoo/glibc-2.31-9 gentoo/2.31

(cherry picked from commit 17a0126abf02955cabf6256c67f8f9462a64163f) (cherry picked from commit 6fdf971c9dbf7dac9bea552113fe4694015bbc4d)
author: Aurelien Jarno <aurelien@aurel32.net> 2020-07-30 10:07:33 +0200
committer: Andreas K. Hüttel <dilfridge@gentoo.org> 2020-09-04 13:39:02 +0300
commit: 422800bff3f152765df75d15eed85e18ae47535b (patch)
tree: a2712588459672aaea3fb041d9ff47b99cd39e8d
parent: Rewrite iconv option parsing [BZ #19519] (diff)
download: glibc-gentoo/2.31.tar.gz
glibc-gentoo/2.31.tar.bz2
glibc-gentoo/2.31.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 898501b153..d3ffb82294 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,10 @@ The following bugs are resolved with this release:
 
 Security related changes:
 
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
   CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
author	Aurelien Jarno <aurelien@aurel32.net>	2020-07-30 10:07:33 +0200
committer	Andreas K. Hüttel <dilfridge@gentoo.org>	2020-09-04 13:39:02 +0300
commit	422800bff3f152765df75d15eed85e18ae47535b (patch)
tree	a2712588459672aaea3fb041d9ff47b99cd39e8d
parent	Rewrite iconv option parsing [BZ #19519] (diff)
download	glibc-gentoo/2.31.tar.gz glibc-gentoo/2.31.tar.bz2 glibc-gentoo/2.31.zip