Merge pull request #404 from jubalh/cves

mdadams · web-flow · commit 39e61d6fcfb9 · 2025-08-14T07:33:09.000-07:00
Add reference to CVE-2025-8836, CVE-2025-8837 in NEWS document
diff --git a/NEWS.txt b/NEWS.txt
@@ -2,13 +2,13 @@
 ==================
 
 * Fixed a bug in the JPC decoder that could cause bad memory accesses
-  if the debug level is set sufficiently high (#402, #403).
+  if the debug level is set sufficiently high (#402, #403) (CVE-2025-8837).
 
 4.2.7 (2025-08-02)
 ==================
 
 * Added some missing range checking on several coding parameters in the
-  JPC encoder (#401).
+  JPC encoder (#401) (CVE-2025-8836).
 
 4.2.6 (2025-08-02)
 ==================
