From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1804) id 44CB0382F98E; Fri, 7 Oct 2022 08:20:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 44CB0382F98E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1665130802; bh=UP1snetNU+q4LvMhTFw4UtjvGb1z17aeftE+QjKXdbw=; h=From:To:Subject:Date:From; b=K7WcUzI042LRT4Zo/uW3eDewsI0CSI/K6lXlZzlCnkMuH6FbTx1BN9wArXBFPQTeN jgNNwkwAcdlkLFZVwPWNhT+i2SjgkZcCEeS6k6AqGQNVlzbpXvGyjYbE185bohFRbG mrYLeIr/ORjTyMwo1oz8iauRo3XLJkBo+KdA0lMo= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Dmitry Levin To: glibc-cvs@sourceware.org Subject: [glibc/release/2.32/master] NEWS: Move CVE-2021-33574 entry from 2.32 section to 2.32.1 X-Act-Checkin: glibc X-Git-Author: Dmitry V. Levin X-Git-Refname: refs/heads/release/2.32/master X-Git-Oldrev: 09c113cf00c4d42e5a46206d7c5fc4cc3470bccb X-Git-Newrev: 32022774db16ae5e41a940e559f11eb74bb011bf Message-Id: <20221007082002.44CB0382F98E@sourceware.org> Date: Fri, 7 Oct 2022 08:20:02 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=32022774db16ae5e41a940e559f11eb74bb011bf commit 32022774db16ae5e41a940e559f11eb74bb011bf Author: Dmitry V. Levin Date: Tue Oct 4 08:00:00 2022 +0000 NEWS: Move CVE-2021-33574 entry from 2.32 section to 2.32.1 The fix was backported by commit ff75390ef59823193351ae77584c397c503b7b58 ("Use __pthread_attr_copy in mq_notify (bug 27896)") after glibc 2.32 release. Diff: --- NEWS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 5f43794bf5..cf8c54f681 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,10 @@ Security related changes: invoked with input containing redundant shift sequences in the IBM1364, IBM1371, IBM1388, IBM1390, or IBM1399 character sets. + CVE-2021-33574: The mq_notify function has a potential use-after-free + issue when using a notification type of SIGEV_THREAD and a thread + attribute with a non-default affinity mask. + The following bugs are resolved with this release: [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT @@ -258,10 +262,6 @@ Security related changes: Dytrych of the Cisco Security Assessment and Penetration Team (See TALOS-2020-1019). - CVE-2021-33574: The mq_notify function has a potential use-after-free - issue when using a notification type of SIGEV_THREAD and a thread - attribute with a non-default affinity mask. - The following bugs are resolved with this release: [9809] localedata: ckb_IQ: new Kurdish Sorani locale