From f8cba20859b8c075c6178329d99bc2bc14be5c8b Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 12 Feb 2026 14:54:06 +0100 Subject: [PATCH] Add back Security section to 0.12.0 changelog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jakub Jelen Reviewed-by: Pavol Žáčik --- CHANGELOG | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 780b0607..d2ec46a9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,17 @@ CHANGELOG ========= version 0.12.0 (released 2026-02-10) + * Security: + * CVE-2025-14821: libssh loads configuration files from the C:\etc directory + on Windows + * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() + * CVE-2026-0965: Possible Denial of Service when parsing unexpected + configuration files + * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input + * CVE-2026-0967: Specially crafted patterns could cause DoS + * CVE-2026-0968: OOB Read in sftp_parse_longname() + * libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP + extensions * Deprecations and removals: * Bumped minimal RSA key size to 1024 bits * New functionality:
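Review bot: In the added Security list, the CVE-2026-0967 entry ("Specially crafted patterns could cause DoS") is the only one that does not name the affected function or component, so a reader cannot tell which patterns are meant or whether their use of the library is exposed. Name the code path that does the matching, the way the neighbouring entries name ssh_scp_pull_request(), ssh_get_hexa() and sftp_parse_longname(). The last entry uses the label libssh-2026-sftp-extensions where the others carry a CVE id; a short remark that no CVE is assigned, or a pointer to the advisory, would let downstream packagers track it. The commit message says the section is added back but not why it was missing from the 0.12.0 entry, which is worth one line for anyone auditing the changelog history.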