From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1804) id B5D6F382F99F; Fri, 7 Oct 2022 08:20:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B5D6F382F99F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1665130822; bh=95ODcW86KxSuegyGoOwIbQUKBWnrAaAde4ul1Vtnb4g=; h=From:To:Subject:Date:From; b=CoD6ezhRb7zzdO0HuaNzp/AXjks4NCUq6wicma+H/GRmGUapNNyvMXhKEUhnfhA4L iJCkamaaGzJ5inhMMr0wizlFkSATp4DqLIers9I2BvnnXZxtdMFQh1tFzhD6PBXd0L e9BPi2G82Q62h0QBOTEsQ4fvkL/qovD4kSsve7/Y= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Dmitry Levin To: glibc-cvs@sourceware.org Subject: [glibc/release/2.32/master] NEWS: Mention CVE-2021-35942 X-Act-Checkin: glibc X-Git-Author: Dmitry V. Levin X-Git-Refname: refs/heads/release/2.32/master X-Git-Oldrev: aa510aa2767b9aff0401a62718e2cf93f745fb0d X-Git-Newrev: cdf5ee727d831c0bd21b54da83ca9b03e77cead0 Message-Id: <20221007082022.B5D6F382F99F@sourceware.org> Date: Fri, 7 Oct 2022 08:20:22 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cdf5ee727d831c0bd21b54da83ca9b03e77cead0 commit cdf5ee727d831c0bd21b54da83ca9b03e77cead0 Author: Dmitry V. Levin Date: Tue Oct 4 08:00:00 2022 +0000 NEWS: Mention CVE-2021-35942 Add a NEWS entry for the fix that was backported by commit 27e892f6608e9d0da71884bb1422a735f6062850. Diff: --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 7bd476deb6..078891a5a4 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ Security related changes: issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask. + CVE-2021-35942: The wordexp function may overflow the positional + parameter number when processing the expansion resulting in a crash. + Reported by Philippe Antoine. + The following bugs are resolved with this release: [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT