From 6fd634e9b922a4a1293f0cf5a8f6c908f68c5401 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon, 7 Dec 2020 22:29:18 +0530
Subject: [PATCH] NEWS: Mention CVE-2020-29562 (BZ #26923)

BZ #26923 now has a CVE entry, so add a NEWS entry for it.

(cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc)
---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 3e28b3902e..f087aff61e 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,9 @@ Security related changes:
   CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
   invoked with EUC-KR input containing invalid multibyte input sequences.
 
+  CVE-2020-29562: An assertion failure has been fixed in the iconv function
+  when invoked with UCS4 input containing an invalid character.
+
   CVE-2020-27618: An infinite loop has been fixed in the iconv program when
   invoked with input containing redundant shift sequences in the IBM1364,
   IBM1371, IBM1388, IBM1390, or IBM1399 character sets.