From 4f4c4d55985e5ab54c1461fd857403337f133034 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 2 Jul 2019 12:53:04 +0100 Subject: [PATCH] Problem: latest fixes missing from NEWS Solution: add them --- NEWS | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/NEWS b/NEWS index 81bd9e33..e8e11f8f 100644 --- a/NEWS +++ b/NEWS @@ -1,13 +1,30 @@ 0MQ version 4.1.7 stable, released on 20xx/xx/xx ================================================ +* CVE-2019-13132: a remote, unauthenticated client connecting to a + libzmq application, running with a socket listening with CURVE + encryption/authentication enabled, may cause a stack overflow and + overwrite the stack with arbitrary data, due to a buffer overflow in + the library. Users running public servers with the above configuration + are highly encouraged to upgrade as soon as possible, as there are no + known mitigations. All versions from 4.0.0 and upwards are affected. + * Fixed #2254 - zmq 4.1.6 cannot pub msg to a zmq 2.x * Fixed #2623 - ZMQ_ROUTER: with ZMQ_ROUTER_MANDATORY, ZMQ_POLLOUT will now now return true only if at least one pipe is ready for writing +* Fixed #159 - off-by-one error leaves ZMQ_STREAM unusable + +* Fixed #163 - Fix divide by zero, in case of race condition, with ZMQ_PUSH + * Fixed #164 - EHOSTDOWN socket error assertion +* Fixed #165 - inproc pub/sub does not work when sub connects/binds before pub + does + +* Fix parsing application metadata when using CURVE + 0MQ version 4.1.6 stable, released on 2016/11/01 ================================================
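Review bot: the new CVE-2019-13132 entry at the top of the 4.1.7 section states "All versions from 4.0.0 and upwards are affected" but never says that this release contains the fix, and the section header still reads "released on 20xx/xx/xx", so someone reading NEWS to decide on an upgrade cannot tell which version is safe. Suggest giving the affected range an upper bound and stating explicitly that 4.1.7 carries the fix. In the same entry, "may cause a stack overflow ... due to a buffer overflow" would be less ambiguous as "stack buffer overflow", since "stack overflow" usually means stack exhaustion. The last added line, "Fix parsing application metadata when using CURVE", breaks the "Fixed #N - ..." pattern used by every other entry and has no issue reference; if it relates to the CVE fix, say so, otherwise add its issue number. The added entries #159, #163 and #165 sit next to #2254 and #2623 with no indication of which tracker each number belongs to, which is worth a short qualifier. Since this hunk already touches the #2623 entry's surroundings, the duplicated "now now" in that context line could be corrected in the same patch.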