From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tuliom@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1827)
 id 21A66386F02B; Tue, 12 May 2020 18:43:03 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 21A66386F02B
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Tulio Magno Quites Machado Filho <tuliom@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/ibm/2.30/master] Add NEWS entry for CVE-2020-1752 (bug 25414)
X-Act-Checkin: glibc
X-Git-Author: Aurelien Jarno <aurelien@aurel32.net>
X-Git-Refname: refs/heads/ibm/2.30/master
X-Git-Oldrev: fb266e65ccf6fd674e05352ceb5f12d60889b92d
X-Git-Newrev: 6b11f60c700c9b50aba1a7f123411add5ade733c
Message-Id: <20200512184303.21A66386F02B@sourceware.org>
Date: Tue, 12 May 2020 18:43:03 +0000 (GMT)
X-BeenThere: glibc-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-cvs mailing list <glibc-cvs.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-cvs/>
List-Help: <mailto:glibc-cvs-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 18:43:03 -0000

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6b11f60c700c9b50aba1a7f123411add5ade733c

commit 6b11f60c700c9b50aba1a7f123411add5ade733c
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Thu Mar 19 22:53:00 2020 +0100

    Add NEWS entry for CVE-2020-1752 (bug 25414)
    
    (cherry picked from commit 39a05214fe14ff722d4d92e697fb71ff15e84e70)

Diff:
---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 0c4a78c3d5..d966688a56 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
 The following bugs are resolved with this release:
 
   [23518] login: Remove utmp backend jump tables