From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2206) id 574E93851174; Tue, 6 Sep 2022 13:38:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 574E93851174 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1662471538; bh=623Lc1edkz/+WdQkUZp31LAdapeO1JjXLBYbih2q0kY=; h=From:To:Subject:Date:From; b=DfxxXbs6h68Gaz/IQhUuPh2rrgsY2JH2OpsG6IEtdweboVZlRh3cizuWlH2ydJH/w 3qdik538npZnxRAnRO3rn2zKYyOg0giEpqvQocxE5MQnh5vvPBkyg+FfPRVOB2/CHr V/7l+NrWxrXtpwXBpaHmo9OWoMoTsfUmzCLmdIV0= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Siddhesh Poyarekar To: glibc-cvs@sourceware.org Subject: [glibc] Add NEWS entry for CVE-2022-39046 X-Act-Checkin: glibc X-Git-Author: Siddhesh Poyarekar X-Git-Refname: refs/heads/master X-Git-Oldrev: dbb75513f5cf9285c77c9e55777c5c35b653f890 X-Git-Newrev: 76fe56020e7ef354685b2284580ac1630c078a2b Message-Id: <20220906133858.574E93851174@sourceware.org> Date: Tue, 6 Sep 2022 13:38:58 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=76fe56020e7ef354685b2284580ac1630c078a2b commit 76fe56020e7ef354685b2284580ac1630c078a2b Author: Siddhesh Poyarekar Date: Tue Sep 6 09:31:50 2022 -0400 Add NEWS entry for CVE-2022-39046 Diff: --- NEWS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index f9bef48a8f..ef274d1a42 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,10 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2022-39046: When the syslog function is passed a crafted input + string larger than 1024 bytes, it reads uninitialized memory from the + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. The following bugs are resolved with this release: