* [COMMITTED] Update NEWS to add CVE-2017-15804 entry
@ 2017-12-01 20:56 Aurelien Jarno
0 siblings, 0 replies; only message in thread
From: Aurelien Jarno @ 2017-12-01 20:56 UTC (permalink / raw)
To: libc-alpha; +Cc: Aurelien Jarno
---
NEWS | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 48af4acaea..10f695aab1 100644
--- a/NEWS
+++ b/NEWS
@@ -100,8 +100,8 @@ Security related changes:
processing, leading to a memory leak and, potentially, to a denial
of service.
- The glob function, when invoked with GLOB_TILDE and without
- GLOB_NOESCAPE, could write past the end of a buffer while
+ CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
+ without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
The following bugs are resolved with this release:
--
2.15.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-12-01 20:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-01 20:56 [COMMITTED] Update NEWS to add CVE-2017-15804 entry Aurelien Jarno
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).