From 39b89850c5585a916aea7115ce889e74042efe92 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@pep.foundation>
Date: Wed, 17 May 2023 11:58:40 +0200
Subject: buffered-reader: Update NEWS.

---
 buffered-reader/NEWS | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/buffered-reader/NEWS b/buffered-reader/NEWS
index 36c08ce6..44f485df 100644
--- a/buffered-reader/NEWS
+++ b/buffered-reader/NEWS
@@ -5,7 +5,11 @@
 * Changes in 1.2.0
 ** Notable changes
    - BufferedReader::copy is like std::io::copy, but more efficient.
-
+ * Notable fixes
+   - A parser bug was fixed.  We classify this as a low-severity
+     issue, because Rust correctly detects the out-of-bounds access
+     and panics.  If an attacker controls the input, they may be able
+     to use this bug to cause a denial of service.
 * Changes in 1.1.2
 ** Notable changes
    - The generic buffered reader now correctly handles end-of-file
-- 
cgit v1.2.3