public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/ibm/2.30/master] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
@ 2021-03-18 21:41 Raphael Zinsly
0 siblings, 0 replies; only message in thread
From: Raphael Zinsly @ 2021-03-18 21:41 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fa4162af6fc91fde8ed1c31e38a67736b7ef1ece
commit fa4162af6fc91fde8ed1c31e38a67736b7ef1ece
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Jan 29 17:29:57 2021 +0100
NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
Diff:
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index d2c2a0ec67..b743fba3c7 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,12 @@ CVE-2020-27618: An infinite loop has been fixed in the iconv program when
CVE-2020-29562: An assertion failure has been fixed in the iconv function
when invoked with UCS4 input containing an invalid character.
+ CVE-2021-3326: An assertion failure during conversion from the
+ qISO-20220-JP-3 character set using the iconv function has been fixed.
+ This assertion was triggered by certain valid inputs in which the
+ converted output contains a combined sequence of two wide characters
+ crossing a buffer boundary. Reported by Tavis Ormandy.
+
The following bugs are resolved with this release:
[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-03-18 21:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-18 21:41 [glibc/ibm/2.30/master] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Raphael Zinsly
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).