# HG changeset patch
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
# Date 1361341405 -39600
# Node ID bc2e3e5429e21076f226fa122eb024971b8f7b64
# Parent  e9a086e0d69c342c1b2d7569c823e4865c24bc6c
Update NEWS with 2.2.6 changes.

2013-02-20  Andrew John Hughes  <gnu.andrew@member.fsf.org>

	* NEWS: List security fixes.

diff -r e9a086e0d69c -r bc2e3e5429e2 ChangeLog
--- a/ChangeLog	Wed Feb 20 03:57:32 2013 +0000
+++ b/ChangeLog	Wed Feb 20 17:23:25 2013 +1100
@@ -1,3 +1,7 @@
+2013-02-20  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	* NEWS: List security fixes.
+
 2013-02-20  Andrew John Hughes  <gnu.andrew@member.fsf.org>
 
 	* Makefile.am,
diff -r e9a086e0d69c -r bc2e3e5429e2 NEWS
--- a/NEWS	Wed Feb 20 03:57:32 2013 +0000
+++ b/NEWS	Wed Feb 20 17:23:25 2013 +1100
@@ -12,6 +12,18 @@
 
 New in release 2.2.6 (2013-02-XX):
 
+* Security fixes
+  - S8004937, CVE-2013-1484: Improve proxy construction
+  - S8006439, CVE-2013-1485: Improve MethodHandles coverage
+  - S8006446, CVE-2013-1486: Restrict MBeanServer access
+  - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages
+  - S8007688: Blacklist known bad certificate
+* Backports
+  - S8007393: Possible race condition after JDK-6664509
+  - S8007611: logging behavior in applet changed
+* Bug fixes
+  - PR1303: Support building with giflib 5
+
 New in release 2.2.5 (2013-02-13):
 
 * Security fixes