security: name fixed CVE's in release sections

Suggested-By: Vincent Danen <vdanen@redhat.com>

diff --git a/NEWS b/NEWS
index f0d5caca61723858c0655de888d2e29bbf943087..9b40d6e784c4f6ab6a47282fdec5d85c9d761a1c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@
 
 * What's new in version 1.6, 2011-07-25
 
+- Security fixes for CVE-2011-2503: read instead of mmap to load modules,
+  CVE-2011-2502: Don't allow path-based auth for uprobes
+
 - The systemtap compile-server no longer uses the -k option when calling the
   translator (stap). As a result, the server will now take advantage of the
   module cache when compiling the same script more than once. You may observe
@@ -46,6 +49,9 @@
 
 * What's new in version 1.5, 2011-05-23
 
+- Security fixes for CVE-2011-1781, CVE-2011-1769: correct DW_OP_{mod,div}
+  division-by-zero bug
+
 - The compile server and its related tools (stap-gen-ert, stap-authorize-cert,
    stap-sign-module) have been re-implemented in C++. Previously, these
    components were a mix of bash scripts and C code. These changes should be
@@ -118,6 +124,9 @@
 
 * What's new in version 1.4, 2011-01-17
 
+- Security fixes for CVE-2010-4170, CVE-2010-4171: staprun module
+  loading/unloading
+
 - A new /* myproc-unprivileged */ marker is now available for embedded C
   code and and expressions. Like the /* unprivileged */ marker, it makes
   the code or expression available for use in unprivileged mode (see