public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/release/2.32/master] NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1
@ 2022-10-07  8:19 Dmitry Levin
  0 siblings, 0 replies; only message in thread
From: Dmitry Levin @ 2022-10-07  8:19 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=09c113cf00c4d42e5a46206d7c5fc4cc3470bccb

commit 09c113cf00c4d42e5a46206d7c5fc4cc3470bccb
Author: Dmitry V. Levin <ldv@altlinux.org>
Date:   Tue Oct 4 08:00:00 2022 +0000

    NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1
    
    The fix was backported by commit 050022910be1d1f5c11cd5168f1685ad4f9580d2
    ("iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]")
    after glibc 2.32 release.

Diff:
---
 NEWS | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 3e844d9186..5f43794bf5 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@ See the end for copying conditions.
 Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
 using `glibc' in the "product" field.
 \f
+Version 2.32.1
+
+Security related changes:
+
+  CVE-2020-27618: An infinite loop has been fixed in the iconv program when
+  invoked with input containing redundant shift sequences in the IBM1364,
+  IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
+
 The following bugs are resolved with this release:
 
   [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
@@ -69,6 +77,7 @@ The following bugs are resolved with this release:
   [29528] elf: Call __libc_early_init for reused namespaces
   [29611] Optimized AVX2 string functions unconditionally use BMI2 instructions
 
+\f
 Version 2.32
 
 Major new features:
@@ -249,10 +258,6 @@ Security related changes:
   Dytrych of the Cisco Security Assessment and Penetration Team (See
   TALOS-2020-1019).
 
-  CVE-2020-27618: An infinite loop has been fixed in the iconv program when
-  invoked with input containing redundant shift sequences in the IBM1364,
-  IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
-
   CVE-2021-33574: The mq_notify function has a potential use-after-free
   issue when using a notification type of SIGEV_THREAD and a thread
   attribute with a non-default affinity mask.

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2022-10-07  8:19 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-07  8:19 [glibc/release/2.32/master] NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1 Dmitry Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).