From 690cbc5035a59a3ee52a68b6d0254e11be11fe43 Mon Sep 17 00:00:00 2001
From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Fri, 22 Feb 2019 17:16:12 +0100
Subject: [PATCH] add a note on rgw civetweb cve in PendingReleaseNotes

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---
 PendingReleaseNotes | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/PendingReleaseNotes b/PendingReleaseNotes
index a15f54eb3f3a..9d87d10c9b4b 100644
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -70,3 +70,6 @@ notes (?))
   this flag *must not* be unset anymore. In luminous, this feature was
   introduced in 12.2.11. Users who are running 12.2.11, and want to
   continue to use this feauture, should upgrade to 13.2.5 or later.
+
+* This release also fixes a cve on civetweb, CVE-2019-3821 where ssl fds were
+  not closed in civetweb in case the initial negotiation fails.
-- 
2.47.3