From a7c5dc83cbbefea57b34abdc3079bb5ecd0ef988 Mon Sep 17 00:00:00 2001 From: James Youngman Date: Sun, 12 Jun 2005 21:17:18 +0000 Subject: [PATCH] Indicate that the infinite loop with "-L" has possible security implications. --- NEWS | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 74bda6e1..05172607 100644 --- a/NEWS +++ b/NEWS @@ -7,11 +7,18 @@ A locate database can now be supplied on stdin, using '-' as a element of the database-path. If more than one database-path element is '-', later instances are ignored. -** Bug Fixes +** Security Fixes If a directory entry searched with "find -L" is a symbolic link to ".", we no longer loop indefinitely. This problem affected find -versions 4.2.19, 4.2.20 and 4.2.21. +versions 4.2.19, 4.2.20 and 4.2.21. This problem allows users to make +"find" loop indefinitely. This is in effect a denial of service and +could be used to prevent updates to the locate database or to defeat +file security checks based on find. However, it should be noted that +you should not use "find -L" in security-sensitive scenarios. + +** Other Bug Fixes + * Major changes in release 4.2.21 ** Functional Changes to find
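Review bot: The last added sentence under "** Security Fixes" ("you should not use "find -L" in security-sensitive scenarios") gives the advice without a reason, so an administrator whose file security checks rely on find does not learn what the exposure is. Suggest adding one clause saying why, for example that with -L the traversal follows symbolic links, which other users may be able to create. The phrase "allows users to make "find" loop indefinitely" would also be clearer with the precondition already given in the entry's first sentence: the user has to be able to place a symbolic link to "." in a directory that is searched with -L. As a style point, the two consecutive sentences beginning "This problem" could be merged.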