From f02fbfef207d42e86df9022560b799c9440aad81 Mon Sep 17 00:00:00 2001
From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Date: Sat, 31 Aug 2024 20:01:23 +0200
Subject: [PATCH] NEWS: mention telnet integer overflow handling fix

* NEWS: Mention the recent fix for signed integer overflow
handling.
---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 6d7bfef9..6aa1a7f5 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,12 @@ when using the --format or --short option. More details in
 ** Inetutils can now be built with C23 compilers.
 Except for when configured to support Kerberos 4.
 
+** telnet: Fix signed integer overflow handling when using any of the
+commands 'send do', 'send dont', 'send will', or 'send wont' with a
+numerical argument.  On some systems a signed integer overflow using
+one of these commands could have lead to an out-of-bounds array access
+usually resulting in a crash.
+
 * Noteworthy changes in release 2.5 (2023-12-29) [stable]
 
 ** ftpd, rcp, rlogin, rsh, rshd, uucpd