Add CVE-2018-16301 to CHANGES. [skip ci]

One of the effects of commit faf8fb7 was fixing a buffer overflow that
was discovered and reported by Include Security (case reference "F2").
Their work was sponsored by Mozilla under the Secure Open Source
program.  The vulnerability was assigned CVE-2018-16301 on 2018-09-01
(MITRE request reference "scr562827"), but was not properly documented
afterwards.  Add a line to the change log section for 4.99.0, which at
the time of this writing is the first release to incorporate the fix.

See also https://github.com/the-tcpdump-group/libpcap/issues/855

diff --git a/CHANGES b/CHANGES
index 97fdb08833b30b441d37ed609bedbd9c8dbe6e23..a5380cb5bdc2adf328f37c85989b4e55d560ff4c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -70,6 +70,7 @@ Wednesday, June 9, 2021 by gharris
 
 Wednesday, December 30, 2020, by [email protected], denis and fxl.
   Summary for 4.99.0 tcpdump release
+    CVE-2018-16301: For the -F option handle large input files safely.
     Improve the contents, wording and formatting of the man page.
     Print unsupported link-layer protocol packets in hex.
     Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,