telepathy-gabble: NEWS for 0.16.5

[Will Thompson]

Module: telepathy-gabble
Branch: master
Commit: 4882535eeeb5843e26dd2b6f0aeaff3f201cbfe6
URL:    http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=4882535eeeb5843e26dd2b6f0aeaff3f201cbfe6

Author: Will Thompson <will.thompson at collabora.co.uk>
Date:   Fri Mar  1 09:16:25 2013 +0000

NEWS for 0.16.5

---

 NEWS |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/NEWS b/NEWS
index 3bdd561..5cd2165 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,22 @@
+telepathy-gabble 0.16.5 (2013-03-01)
+====================================
+
+The “In Actuality You Are A Gigantic, Bloodthirsty Grizzly Bear”
+release. This fixes a remotely-triggered denial-of-service bug. You
+should upgrade.
+
+Fixes:
+
+• fd.o#57521: don't crash when the server sends back malformed or error
+  replies to privacy list queries. (wjt)
+
+• fd.o#61433: don't crash on weirdly-shaped data forms in caps query
+  replies. This issue is tracked as CVE-2013-1769. Unfortunately, this
+  bug can be triggered by any XMPP user who knows your bare JID, not
+  just by people you've authorized to see your presence. Fortunately, it
+  is just a NULL pointer dereference, rather than allowing the attacker
+  to do anything more nefarious like execute code. (wjt)
+
 telepathy-gabble 0.16.4 (2012-11-09)
 ====================================