From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1804)
	id 9D0C43853559; Fri,  7 Oct 2022 08:20:17 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9D0C43853559
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1665130817;
	bh=kM+wXSZGpNtYu8rlFLWs3M2U4EtAwbwjC4ksPlHDl30=;
	h=From:To:Subject:Date:From;
	b=fcHkYgfy/sFHmRQ7GrR2YlbN726KgLBUs8EsaDda4ze60S4rIvd/AzGDVRKgtgoiy
	 NPdx7zCzo0c6f6AhmE7k6OBj45UEqdEPeQCq28hZNSPfhBJn2V7VMKOiP+Ryr5p4Kl
	 VOqMjYfXjhZmmbV0UWU390kmBQVJgK5J33x+GjbU=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Dmitry Levin <ldv@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/release/2.32/master] NEWS: Mention CVE-2021-27645
X-Act-Checkin: glibc
X-Git-Author: DJ Delorie <dj@redhat.com>
X-Git-Refname: refs/heads/release/2.32/master
X-Git-Oldrev: 3299ce69c50b85696ffa935083c8f8c43f9e0ac5
X-Git-Newrev: aa510aa2767b9aff0401a62718e2cf93f745fb0d
Message-Id: <20221007082017.9D0C43853559@sourceware.org>
Date: Fri,  7 Oct 2022 08:20:17 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=aa510aa2767b9aff0401a62718e2cf93f745fb0d

commit aa510aa2767b9aff0401a62718e2cf93f745fb0d
Author: DJ Delorie <dj@redhat.com>
Date:   Wed Mar 3 14:52:57 2021 -0500

    NEWS: Mention CVE-2021-27645
    
    (cherry picked from commit 24eb3be5db5befefe4bcf0f438bf6629a9c3a608)

Diff:
---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index ddbe2733ff..7bd476deb6 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ Security related changes:
   converted output contains a combined sequence of two wide characters
   crossing a buffer boundary.  Reported by Tavis Ormandy.
 
+  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+  a request for netgroup lookup, may crash due to a double-free,
+  potentially resulting in degraded service or Denial of Service on the
+  local system.  Reported by Chris Schanzle.
+
   CVE-2021-33574: The mq_notify function has a potential use-after-free
   issue when using a notification type of SIGEV_THREAD and a thread
   attribute with a non-default affinity mask.