From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1944) id 9D993385150E; Wed, 26 Oct 2022 15:06:03 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9D993385150E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666796763; bh=w3zCZDJHtCXm1P3f59D1ZUOh32dzr+BrtTjtoZbXrZI=; h=From:To:Subject:Date:From; b=ZxlN1+Xn8XUNzLRb+WlwciLiOEYovUrEZWiOnsFhHa1+xaMH7ixHqs3XTNf44Xt3E 7aZZmLwrFe2D3f7UTsfE7EnRcQd9tXvW1npy/VZdGmHwhy8Re9ukJtyceXG/D38M5y /lrQIkYhEhp6prJoMHe3GAQhpc4swBiYK2rhBNGM= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Szabolcs Nagy To: glibc-cvs@sourceware.org Subject: [glibc/arm/morello/main] Add NEWS entry for CVE-2022-39046 X-Act-Checkin: glibc X-Git-Author: Siddhesh Poyarekar X-Git-Refname: refs/heads/arm/morello/main X-Git-Oldrev: 645d94808aaa90fb1b20a25ff70bb50d9eb1d55b X-Git-Newrev: b46412fb17e8bfc6c9e1f144bbcf833320c80f8a Message-Id: <20221026150603.9D993385150E@sourceware.org> Date: Wed, 26 Oct 2022 15:06:03 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b46412fb17e8bfc6c9e1f144bbcf833320c80f8a commit b46412fb17e8bfc6c9e1f144bbcf833320c80f8a Author: Siddhesh Poyarekar Date: Tue Sep 6 09:31:50 2022 -0400 Add NEWS entry for CVE-2022-39046 (cherry picked from commit 76fe56020e7ef354685b2284580ac1630c078a2b) Diff: --- NEWS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS b/NEWS index 757ded85e0..10a7613f09 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,13 @@ using `glibc' in the "product" field. Version 2.36.1 +Security related changes: + + CVE-2022-39046: When the syslog function is passed a crafted input + string larger than 1024 bytes, it reads uninitialized memory from the + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. + The following bugs are resolved with this release: [28846] CMSG_NXTHDR may trigger -Wstrict-overflow warning