From 0a86542dae3279874f731052f2a8fe9a41596940 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Mon, 23 Jul 2018 07:07:29 -0700
Subject: Truncate long invalid list names in web error messages.

---
 NEWS | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 041fc7cc..b22c7a90 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,12 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
-2.1.28 (xx-xxx-xxxx)
+2.1.28 (23-Jul-2018)
+
+  Security
+ 
+    - A content spoofing vulnerability with invalid list name messages in
+      the web UI has been fixed.  CVE-2018-13796  (LP: #1780874)
 
   New Features
 
-- 
cgit v1.2.3