readme: add links to CVE-s

diff --git a/NEWS.rst b/NEWS.rst
index 7054b3da2f6b9f3007a53a814055ce6011567bc9..7038e8a0df35a8b5ea124a13ed713152dbd64147 100644 (file)
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -51,6 +51,8 @@ PgBouncer 1.6.x
     When `auth_user` is set and client asks non-existing username,
     client will log in as `auth_user`.  Not good.
 
+    `CVE-2015-6817 <https://access.redhat.com/security/cve/cve-2015-6817>`_
+
   * Skip NoticeResponce in handle_auth_response.  Otherwise verbose
     log levels on server cause login failures.
 
@@ -212,6 +214,8 @@ PgBouncer 1.5.x
     - by '*' in [databases] section - the database name can come
     from network thus making remote shutdown possible.
 
+    `CVE-2012-4575 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4575>`_
+
 - Minor Features
 
   * max_packet_size - config parameter to tune maximum packet size