public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
From: Dmitry Levin <ldv@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/release/2.32/master] NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1
Date: Fri, 7 Oct 2022 08:19:57 +0000 (GMT) [thread overview]
Message-ID: <20221007081957.2FEDF382F996@sourceware.org> (raw)
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=09c113cf00c4d42e5a46206d7c5fc4cc3470bccb
commit 09c113cf00c4d42e5a46206d7c5fc4cc3470bccb
Author: Dmitry V. Levin <ldv@altlinux.org>
Date: Tue Oct 4 08:00:00 2022 +0000
NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1
The fix was backported by commit 050022910be1d1f5c11cd5168f1685ad4f9580d2
("iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]")
after glibc 2.32 release.
Diff:
---
NEWS | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 3e844d9186..5f43794bf5 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@ See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
\f
+Version 2.32.1
+
+Security related changes:
+
+ CVE-2020-27618: An infinite loop has been fixed in the iconv program when
+ invoked with input containing redundant shift sequences in the IBM1364,
+ IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
+
The following bugs are resolved with this release:
[20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
@@ -69,6 +77,7 @@ The following bugs are resolved with this release:
[29528] elf: Call __libc_early_init for reused namespaces
[29611] Optimized AVX2 string functions unconditionally use BMI2 instructions
+\f
Version 2.32
Major new features:
@@ -249,10 +258,6 @@ Security related changes:
Dytrych of the Cisco Security Assessment and Penetration Team (See
TALOS-2020-1019).
- CVE-2020-27618: An infinite loop has been fixed in the iconv program when
- invoked with input containing redundant shift sequences in the IBM1364,
- IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
-
CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.
reply other threads:[~2022-10-07 8:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221007081957.2FEDF382F996@sourceware.org \
--to=ldv@sourceware.org \
--cc=glibc-cvs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).