[glibc/release/2.39/master] NEWS: update list of fixed CVEs in 2.39

[glibc/release/2.39/master] NEWS: update list of fixed CVEs in 2.39

[Andreas K. Huttel]

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=198632a05f6c7b9ab67d3331d8caace9ceabb685

commit 198632a05f6c7b9ab67d3331d8caace9ceabb685
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Sat Jun 15 15:22:20 2024 +0200

    NEWS: update list of fixed CVEs in 2.39
    
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

Diff:
---
 NEWS | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/NEWS b/NEWS
index eba57af12f..06faac3b1f 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,26 @@ Version 2.39.1
 
 Security related changes:
 
+The following CVEs were fixed in this release:
+
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Null pointer crash after notfound response (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [19622] network: Support aliasing with struct sockaddr