From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2206) id 9AFB63851161; Tue, 6 Sep 2022 13:39:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9AFB63851161 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1662471598; bh=w3zCZDJHtCXm1P3f59D1ZUOh32dzr+BrtTjtoZbXrZI=; h=From:To:Subject:Date:From; b=acke9Ys4bI/MD+0656koZ7sYDhTWQ/EPtuyDpw1MTc+kd+6M3dO4RbA6SnMyH5bwh Y7t/S+dIs9pvl6ngQ9pxXkH0Ojzt7NpOeB76z/uMR8cWjJwl01TceSmH79x5sRManb 49ICM4S55nUv+sPUBDB6lFGky4lvhrVQmA5IBQIk= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Siddhesh Poyarekar To: glibc-cvs@sourceware.org Subject: [glibc/release/2.36/master] Add NEWS entry for CVE-2022-39046 X-Act-Checkin: glibc X-Git-Author: Siddhesh Poyarekar X-Git-Refname: refs/heads/release/2.36/master X-Git-Oldrev: 645d94808aaa90fb1b20a25ff70bb50d9eb1d55b X-Git-Newrev: b46412fb17e8bfc6c9e1f144bbcf833320c80f8a Message-Id: <20220906133958.9AFB63851161@sourceware.org> Date: Tue, 6 Sep 2022 13:39:58 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b46412fb17e8bfc6c9e1f144bbcf833320c80f8a commit b46412fb17e8bfc6c9e1f144bbcf833320c80f8a Author: Siddhesh Poyarekar Date: Tue Sep 6 09:31:50 2022 -0400 Add NEWS entry for CVE-2022-39046 (cherry picked from commit 76fe56020e7ef354685b2284580ac1630c078a2b) Diff: --- NEWS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS b/NEWS index 757ded85e0..10a7613f09 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,13 @@ using `glibc' in the "product" field. Version 2.36.1 +Security related changes: + + CVE-2022-39046: When the syslog function is passed a crafted input + string larger than 1024 bytes, it reads uninitialized memory from the + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. + The following bugs are resolved with this release: [28846] CMSG_NXTHDR may trigger -Wstrict-overflow warning