Fix NEWS for 5.6.0 and 5.6.1.

author: Lasse Collin <lasse.collin@tukaani.org> 2024-04-08 19:28:35 +0300
committer: Lasse Collin <lasse.collin@tukaani.org> 2024-04-09 18:22:27 +0300
commit: 780cbf29d5a88db2b546e9b7b019c4c33ca72685 (patch)
tree: ad94450db0f86736dc0d8700dd9175c61207aef8
parent: Remove the XZ logo. (diff)
download: xz-780cbf29d5a88db2b546e9b7b019c4c33ca72685.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e6a965ad..3913c252 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ XZ Utils Release Notes
 
 5.6.1 (2024-03-09)
 
+    IMPORTANT: This fixed bugs in the backdoor (CVE-2024-3094) (someone
+    had forgot to run Valgrind).
+
     * liblzma: Fixed two bugs relating to GNU indirect function (IFUNC)
       with GCC. The more serious bug caused a program linked with
       liblzma to crash on start up if the flag -fprofile-generate was
@@ -30,6 +33,9 @@ XZ Utils Release Notes
 
 5.6.0 (2024-02-24)
 
+    IMPORTANT: This added a backdoor (CVE-2024-3094). It's enabled only
+    in the release tarballs.
+
     This bumps the minor version of liblzma because new features were
     added. The API and ABI are still backward compatible with liblzma
     5.4.x and 5.2.x and 5.0.x.
author	Lasse Collin <lasse.collin@tukaani.org>	2024-04-08 19:28:35 +0300
committer	Lasse Collin <lasse.collin@tukaani.org>	2024-04-09 18:22:27 +0300
commit	780cbf29d5a88db2b546e9b7b019c4c33ca72685 (patch)
tree	ad94450db0f86736dc0d8700dd9175c61207aef8
parent	Remove the XZ logo. (diff)
download	xz-780cbf29d5a88db2b546e9b7b019c4c33ca72685.tar.xz