add a note on rgw civetweb cve in PendingReleaseNotes

author Abhishek Lekshmanan <abhishek@suse.com>

Fri, 22 Feb 2019 16:16:12 +0000 (17:16 +0100)

committer Abhishek Lekshmanan <abhishek@suse.com>

Fri, 22 Feb 2019 16:16:12 +0000 (17:16 +0100)
author Abhishek Lekshmanan <abhishek@suse.com>
Fri, 22 Feb 2019 16:16:12 +0000 (17:16 +0100)
committer Abhishek Lekshmanan <abhishek@suse.com>
Fri, 22 Feb 2019 16:16:12 +0000 (17:16 +0100)
diff --git a/PendingReleaseNotes b/PendingReleaseNotes

index a15f54eb3f3ae37e7705a21e507b37206adabfd2..9d87d10c9b4bdaf1b7a2162a89c3867b5441c730 100644 (file)
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -70,3 +70,6 @@ notes (?))
    this flag *must not* be unset anymore. In luminous, this feature was
    introduced in 12.2.11. Users who are running 12.2.11, and want to
    continue to use this feauture, should upgrade to 13.2.5 or later.
+
+* This release also fixes a cve on civetweb, CVE-2019-3821 where ssl fds were
+  not closed in civetweb in case the initial negotiation fails.
author	Abhishek Lekshmanan <abhishek@suse.com>
	Fri, 22 Feb 2019 16:16:12 +0000 (17:16 +0100)
committer	Abhishek Lekshmanan <abhishek@suse.com>
	Fri, 22 Feb 2019 16:16:12 +0000 (17:16 +0100)