Update NEWS for CVE-2019-25013.

diff --git a/NEWS b/NEWS
index 8f40026..face78c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -84,6 +84,9 @@ Security related changes:
   CVE-2020-29562: An assertion failure has been fixed in the iconv function
   when invoked with UCS4 input containing an invalid character.
 
+  CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
+  invoked with EUC-KR input containing invalid multibyte input sequences.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by