Update NEWS to add CVE number for 1.11's VCF parser fix

CVE-2020-36403 was recently allocated for this legacy issue.
samtools · Jul 28, 2021 · 06520ce · 06520ce
1 parent d16bed5
commit 06520ce
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/NEWS b/NEWS
@@ -522,7 +522,7 @@ Bug fixes
 
 * Fixed potential integer overflows in the VCF parser and ensured that
   the total length of FORMAT fields cannot go over 2Gbytes. [fuzz] (#1044,
-  #1104)
+  #1104; latter is CVE-2020-36403 affecting HTSlib versions 1.10 to 1.10.2)
 
 * Download index files atomically in idx_test_and_fetch().  This prevents
   corruption when running parallel jobs on S3 files.  Thanks to John Marshall.