From 46db23ba552ef0d3fc65c20c4e31429cd6c02147 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 27 Mar 2019 10:13:54 +0100 Subject: [PATCH] Update NEWS for release --- NEWS | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/NEWS b/NEWS index cd1856a2..5d0c20f3 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,19 @@ +Changes in 1.0.8 +================ + +This release fixes CVE-2019-10063. + +It has been discovered that the previous fix for CVE-2017-5226, which uses +seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl +was only incomplete on 64bit arches. This is now fixed. + + * seccomp: Only compare the low 32bit of the TIOCSTI ioctl args. + Changes in 1.0.7 ================ +This release fixes CVE-2019-8308. + The CVE-2019-5736 runc vulnerability is about using /proc/self/exe to modify the host side binary from the sandbox. This mostly does not affect flatpak since the flatpak sandbox is not run with root permissions.
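Review bot: In the 1.0.8 entry, "was only incomplete on 64bit arches" is ambiguous: it can be read as playing the gap down rather than scoping it to 64bit arches. Drop "only", or write "was incomplete, but only on 64bit arches". The same hunk also adds "This release fixes CVE-2019-8308." under the existing 1.0.7 heading, which the subject "Update NEWS for release" does not mention. Say so in the commit message, or split it into its own commit, so the retroactive CVE attribution is easy to find in history. The bullet "seccomp: Only compare the low 32bit of the TIOCSTI ioctl args." states what changed but not why the previous comparison was insufficient on 64bit. One sentence on that in the entry would help packagers judge whether their builds are affected.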