From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1804)
	id EF40F382F996; Fri,  7 Oct 2022 08:20:32 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EF40F382F996
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1665130832;
	bh=ynYAc1mqDAPsELO8a2IU+v10sJVHGxEs1WLi4/07OEE=;
	h=From:To:Subject:Date:From;
	b=K3+/lp29XeTcocWJ7dejFnUclzRJIFL+AKMGWky9wpLRdGOIGQ+W6UgTEOQLM6Thk
	 TZglDGzSWWFRuj7sByyUGuVLTBm+KubxBVmQ+HeLFJ27Bc8e9loFnjDXPZ+2e1J4Uu
	 AmaZJ82fpfepFUcMHhjLg+M+Txgfp5yeu5gTonHg=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Dmitry Levin <ldv@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/release/2.32/master] NEWS: Mention CVE-2020-29562 (BZ #26923)
X-Act-Checkin: glibc
X-Git-Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
X-Git-Refname: refs/heads/release/2.32/master
X-Git-Oldrev: 1896ace5805f7322daeb367f57004c8ea15a1d70
X-Git-Newrev: 6fd634e9b922a4a1293f0cf5a8f6c908f68c5401
Message-Id: <20221007082032.EF40F382F996@sourceware.org>
Date: Fri,  7 Oct 2022 08:20:32 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd634e9b922a4a1293f0cf5a8f6c908f68c5401

commit 6fd634e9b922a4a1293f0cf5a8f6c908f68c5401
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Mon Dec 7 22:29:18 2020 +0530

    NEWS: Mention CVE-2020-29562 (BZ #26923)
    
    BZ #26923 now has a CVE entry, so add a NEWS entry for it.
    
    (cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc)

Diff:
---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 3e28b3902e..f087aff61e 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,9 @@ Security related changes:
   CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
   invoked with EUC-KR input containing invalid multibyte input sequences.
 
+  CVE-2020-29562: An assertion failure has been fixed in the iconv function
+  when invoked with UCS4 input containing an invalid character.
+
   CVE-2020-27618: An infinite loop has been fixed in the iconv program when
   invoked with input containing redundant shift sequences in the IBM1364,
   IBM1371, IBM1388, IBM1390, or IBM1399 character sets.