public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc] NEWS: Document CVE-2023-25139.
@ 2023-02-07 20:20 Carlos O'Donell
0 siblings, 0 replies; only message in thread
From: Carlos O'Donell @ 2023-02-07 20:20 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=67c37737ed474d25fd4dc535dfd822c426e6b971
commit 67c37737ed474d25fd4dc535dfd822c426e6b971
Author: Carlos O'Donell <carlos@redhat.com>
Date: Mon Feb 6 10:36:32 2023 -0500
NEWS: Document CVE-2023-25139.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
NEWS | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index b227e72c9c..a7979a9cd3 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,12 @@ Changes to build and runtime requirements:
Security related changes:
- [Add security related changes here]
+ CVE-2023-25139: When the printf family of functions is called with a
+ format specifier that uses an <apostrophe> (enable grouping) and a
+ minimum width specifier, the resulting output could be larger than
+ reasonably expected by a caller that computed a tight bound on the
+ buffer size. The resulting larger than expected output could result
+ in a buffer overflow in the printf family of functions.
The following bugs are resolved with this release:
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-02-07 20:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-07 20:20 [glibc] NEWS: Document CVE-2023-25139 Carlos O'Donell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).