From 304d73b1fea24af791f2a129fb141c5009eae6a8 Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler" <fche@redhat.com>
Date: Fri, 29 Jul 2011 14:00:32 -0400
Subject: [PATCH] security: name fixed CVE's in release sections

Suggested-By: Vincent Danen <vdanen@redhat.com>
---
 NEWS | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/NEWS b/NEWS
index f0d5caca6..9b40d6e78 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@
 
 * What's new in version 1.6, 2011-07-25
 
+- Security fixes for CVE-2011-2503: read instead of mmap to load modules,
+  CVE-2011-2502: Don't allow path-based auth for uprobes
+
 - The systemtap compile-server no longer uses the -k option when calling the
   translator (stap). As a result, the server will now take advantage of the
   module cache when compiling the same script more than once. You may observe
@@ -46,6 +49,9 @@
 
 * What's new in version 1.5, 2011-05-23
 
+- Security fixes for CVE-2011-1781, CVE-2011-1769: correct DW_OP_{mod,div}
+  division-by-zero bug
+
 - The compile server and its related tools (stap-gen-ert, stap-authorize-cert,
    stap-sign-module) have been re-implemented in C++. Previously, these
    components were a mix of bash scripts and C code. These changes should be
@@ -118,6 +124,9 @@
 
 * What's new in version 1.4, 2011-01-17
 
+- Security fixes for CVE-2010-4170, CVE-2010-4171: staprun module
+  loading/unloading
+
 - A new /* myproc-unprivileged */ marker is now available for embedded C
   code and and expressions. Like the /* unprivileged */ marker, it makes
   the code or expression available for use in unprivileged mode (see
-- 
2.43.5