From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1804) id 2FEDF382F996; Fri, 7 Oct 2022 08:19:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2FEDF382F996 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1665130797; bh=OdnBz/DvZD8JJx645PArvDk+7I+OzM7o2v+e+h1N4QE=; h=From:To:Subject:Date:From; b=uTbD0nmh4sRbp4wyId6MneSLvoWMdBVCfRy+TAEaSIVD5fv7ubpRU+2lbWYn/Qjh2 7bjmN5j/hPjSKrRlUgF4Y9qKNlRyR6Xbosh5MoHvhrxWy2hprPoiPhTj5VWvfxBYE+ 7v1EuU1wUif/S/Zma0bbyPA+2KYkhIcn/ZqA3yoc= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Dmitry Levin To: glibc-cvs@sourceware.org Subject: [glibc/release/2.32/master] NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1 X-Act-Checkin: glibc X-Git-Author: Dmitry V. Levin X-Git-Refname: refs/heads/release/2.32/master X-Git-Oldrev: f6f96a16e6ce649eca0a673bc13b051b40bf2ceb X-Git-Newrev: 09c113cf00c4d42e5a46206d7c5fc4cc3470bccb Message-Id: <20221007081957.2FEDF382F996@sourceware.org> Date: Fri, 7 Oct 2022 08:19:57 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=09c113cf00c4d42e5a46206d7c5fc4cc3470bccb commit 09c113cf00c4d42e5a46206d7c5fc4cc3470bccb Author: Dmitry V. Levin Date: Tue Oct 4 08:00:00 2022 +0000 NEWS: Move CVE-2020-27618 entry from 2.32 section to 2.32.1 The fix was backported by commit 050022910be1d1f5c11cd5168f1685ad4f9580d2 ("iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]") after glibc 2.32 release. Diff: --- NEWS | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 3e844d9186..5f43794bf5 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,14 @@ See the end for copying conditions. Please send GNU C library bug reports via using `glibc' in the "product" field. +Version 2.32.1 + +Security related changes: + + CVE-2020-27618: An infinite loop has been fixed in the iconv program when + invoked with input containing redundant shift sequences in the IBM1364, + IBM1371, IBM1388, IBM1390, or IBM1399 character sets. + The following bugs are resolved with this release: [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT @@ -69,6 +77,7 @@ The following bugs are resolved with this release: [29528] elf: Call __libc_early_init for reused namespaces [29611] Optimized AVX2 string functions unconditionally use BMI2 instructions + Version 2.32 Major new features: @@ -249,10 +258,6 @@ Security related changes: Dytrych of the Cisco Security Assessment and Penetration Team (See TALOS-2020-1019). - CVE-2020-27618: An infinite loop has been fixed in the iconv program when - invoked with input containing redundant shift sequences in the IBM1364, - IBM1371, IBM1388, IBM1390, or IBM1399 character sets. - CVE-2021-33574: The mq_notify function has a potential use-after-free issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask.