From 5b3d0fae035c0d0332594cd0bdadb200939895a8 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 27 Mar 2019 10:02:11 +0100 Subject: [PATCH] Update NEWS for release --- NEWS | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/NEWS b/NEWS index 82234cd8..bed1b394 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,25 @@ +Changes in 1.2.4 +================ + +This release fixes CVE-2019-10063. + +It has been discovered that the previous fix for CVE-2017-5226, which uses +seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl +was only incomplete on 64bit arches. This is now fixed. + + * seccomp: Only compare the low 32bit of the TIOCSTI ioctl args. + * Support multiple nvidia cards on the machine + * Fix support for systems where XDG_RUNTIME_DIR is /var/run which is a symlink + like gentoo. + * Fix potential crash when updating apps. + * flatpak list --arch now works correctly again. + * Update translations + Changes in 1.2.3 ================ +This release fixes CVE-2019-8308. + The CVE-2019-5736 runc vulnerability is about using /proc/self/exe to modify the host side binary from the sandbox. This mostly does not affect flatpak since the flatpak sandbox is not run with root permissions.
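Review bot: The sentence "was only incomplete on 64bit arches" in the new 1.2.4 entry is ambiguous, because "only incomplete" can be read as downplaying the gap rather than scoping it to 64-bit. Going by the bullet "seccomp: Only compare the low 32bit of the TIOCSTI ioctl args", the intended meaning appears to be that the CVE-2017-5226 seccomp filter was incomplete on 64-bit arches, so "was incomplete on 64bit arches" would state it plainly. It would also help to name the actual change in that paragraph, instead of "This is now fixed", so that readers can tell what to check for in a backport. In the 1.2.3 section, the added line "This release fixes CVE-2019-8308." sits directly above the existing paragraph about CVE-2019-5736 with nothing tying the two identifiers together. A short clause stating how they relate would help anyone mapping CVEs to releases. Minor: in the XDG_RUNTIME_DIR bullet, "which is a symlink like gentoo" attaches "like gentoo" to the symlink rather than to the systems; moving it next to "systems" ("systems like gentoo where ...") fixes that. The "Support multiple nvidia cards on the machine" bullet is also missing the trailing period that the neighbouring bullets have.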