Add NEWS entry for CVE-2022-39046

This commit is contained in:
Siddhesh Poyarekar 2022-09-06 09:31:50 -04:00
parent dbb75513f5
commit 76fe56020e

5
NEWS
View File

@ -21,7 +21,10 @@ Changes to build and runtime requirements:
Security related changes:
[Add security related changes here]
CVE-2022-39046: When the syslog function is passed a crafted input
string larger than 1024 bytes, it reads uninitialized memory from the
heap and prints it to the target log file, potentially revealing a
portion of the contents of the heap.
The following bugs are resolved with this release: