public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/release/2.32/master] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
@ 2022-10-07 8:20 Dmitry Levin
0 siblings, 0 replies; only message in thread
From: Dmitry Levin @ 2022-10-07 8:20 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3299ce69c50b85696ffa935083c8f8c43f9e0ac5
commit 3299ce69c50b85696ffa935083c8f8c43f9e0ac5
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Jan 29 17:29:57 2021 +0100
NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
(cherry picked from commit d7f4f3f5fb1275f0b3d9f4e1b3d9d7b75a5a9e26)
Diff:
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index e92ecf66c8..ddbe2733ff 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,12 @@ Security related changes:
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
+ CVE-2021-3326: An assertion failure during conversion from the
+ ISO-20220-JP-3 character set using the iconv function has been fixed.
+ This assertion was triggered by certain valid inputs in which the
+ converted output contains a combined sequence of two wide characters
+ crossing a buffer boundary. Reported by Tavis Ormandy.
+
CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-10-07 8:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-07 8:20 [glibc/release/2.32/master] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Dmitry Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).