From ff152dccddb4303ecbc348e6cca0778431ba1ad2 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 11 Feb 2019 13:39:47 +0100
Subject: [PATCH] Update NEWS for release

---
 NEWS | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/NEWS b/NEWS
index 01c33474..cd1856a2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,14 @@
+Changes in 1.0.7
+================
+
+The CVE-2019-5736 runc vulnerability is about using /proc/self/exe
+to modify the host side binary from the sandbox. This mostly does not
+affect flatpak since the flatpak sandbox is not run with root permissions.
+However, there is one case (running the apply_extra script for system
+installs) where this happens, so this release contains a fix for that.
+
+ * Don't expose /proc in apply_extra script sandbox.
+
 Changes in 1.0.6
 ================