buffered-reader: Update NEWS.

author: Neal H. Walfield <neal@pep.foundation> 2023-05-17 11:58:40 +0200
committer: Neal H. Walfield <neal@pep.foundation> 2023-05-17 11:58:40 +0200
commit: 39b89850c5585a916aea7115ce889e74042efe92 (patch)
tree: cf51688d303b0571965a8ac2fcde4e9ccab39e01
parent: 5587991fce9b4059e7e129c91a2669cf8ca0b4c9 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/buffered-reader/NEWS b/buffered-reader/NEWS
index 36c08ce6..44f485df 100644
--- a/buffered-reader/NEWS
+++ b/buffered-reader/NEWS
@@ -5,7 +5,11 @@
 * Changes in 1.2.0
 ** Notable changes
    - BufferedReader::copy is like std::io::copy, but more efficient.
-
+ * Notable fixes
+   - A parser bug was fixed.  We classify this as a low-severity
+     issue, because Rust correctly detects the out-of-bounds access
+     and panics.  If an attacker controls the input, they may be able
+     to use this bug to cause a denial of service.
 * Changes in 1.1.2
 ** Notable changes
    - The generic buffered reader now correctly handles end-of-file
author	Neal H. Walfield <neal@pep.foundation>	2023-05-17 11:58:40 +0200
committer	Neal H. Walfield <neal@pep.foundation>	2023-05-17 11:58:40 +0200
commit	39b89850c5585a916aea7115ce889e74042efe92 (patch)
tree	cf51688d303b0571965a8ac2fcde4e9ccab39e01
parent	5587991fce9b4059e7e129c91a2669cf8ca0b4c9 (diff)