From 403143e1df85dadd374f304bd891be0cd7573e3b Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 16 Aug 2017 16:47:20 +0200
Subject: Add ChangeLog reference to bug 16750/CVE-2009-5064

---
 NEWS | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 484c467..0008df1 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,11 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)
 
 The following bugs are resolved with this release:
 
-- 
cgit v1.1