Problem: latest fixes missing from NEWS

Solution: add them
2025-01-14 09:47:56 +08:00 · 2019-07-02 12:53:56 +01:00 · 2019-07-02 12:53:56 +01:00 · 62e02cdea3
commit 62e02cdea3
parent e65c14e20e
1 changed files with 13 additions and 0 deletions
--- a/13
+++ b/13
@ -1,6 +1,19 @@
 0MQ version 4.0.9 stable, released on 2016/xx/xx
 ================================================

+* CVE-2019-13132: a remote, unauthenticated client connecting to a
+  libzmq application, running with a socket listening with CURVE
+  encryption/authentication enabled, may cause a stack overflow and
+  overwrite the stack with arbitrary data, due to a buffer overflow in
+  the library. Users running public servers with the above configuration
+  are highly encouraged to upgrade as soon as possible, as there are no
+  known mitigations. All versions from 4.0.0 and upwards are affected.
+
+* Fix documentation to remove mention of features that are not available in
+  4.0.x.
+
+* Fix parsing application metadata when using CURVE.
+

 0MQ version 4.0.8 stable, released on 2016/06/17
 ================================================