# HG changeset patch
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
# Date 1361340969 -39600
# Node ID 88cc265f0504c6a17a64bb2be7d8269bbfab3aa6
# Parent  421a34013779388264dde11fad8531d86092d022
List 2.1.6 changes in NEWS.

2013-02-20  Andrew John Hughes  <gnu.andrew@member.fsf.org>

	* NEWS: List security fixes.

diff -r 421a34013779 -r 88cc265f0504 ChangeLog
--- a/ChangeLog	Wed Feb 20 06:14:09 2013 +0000
+++ b/ChangeLog	Wed Feb 20 17:16:09 2013 +1100
@@ -1,3 +1,7 @@
+2013-02-20  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	* NEWS: List security fixes.
+
 2013-02-20  Andrew John Hughes  <gnu.andrew@member.fsf.org>
 
 	* Makefile.am,
diff -r 421a34013779 -r 88cc265f0504 NEWS
--- a/NEWS	Wed Feb 20 06:14:09 2013 +0000
+++ b/NEWS	Wed Feb 20 17:16:09 2013 +1100
@@ -12,6 +12,19 @@
 
 New in release 2.1.6 (2013-02-XX):
 
+* Security fixes
+  - S8004937, CVE-2013-1484: Improve proxy construction
+  - S8006439, CVE-2013-1485: Improve MethodHandles coverage
+  - S8006446, CVE-2013-1486: Restrict MBeanServer access
+  - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
+  - S8007688: Blacklist known bad certificate
+* Backports
+  - S7123519: problems with certification path
+  - S8007393: Possible race condition after JDK-6664509
+  - S8007611: logging behavior in applet changed
+* Bug fixes
+  - PR1303: Support building with giflib 5
+
 New in release 2.1.5 (2013-02-13):
 
 * Security fixes