From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from toucan.tulip.relay.mailchannels.net (toucan.tulip.relay.mailchannels.net [23.83.218.254]) by sourceware.org (Postfix) with ESMTPS id 8D13038515D9 for ; Tue, 6 Sep 2022 13:39:33 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8D13038515D9 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=sourceware.org Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DFD3612237B for ; Tue, 6 Sep 2022 13:39:29 +0000 (UTC) Received: from pdx1-sub0-mail-a304 (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id ADBAC122615 for ; Tue, 6 Sep 2022 13:39:28 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1662471568; a=rsa-sha256; cv=none; b=IT1lNRackQoDP3yDXtHJtAtjxWv3KL89x8vF3qqkIVmaB/35Motw+TxtKBxo9henEcrOLs Cmg6OLOVJCp9q+nyOcemC9qLdz6OJFfdltcA6th65nxYj42YsumNTtiu/v7KaiJbbFrdd2 OsFmIBn4BmQGv1XNi8oHyP8iUuIDk+6bOEqopawJstZPpFCM68rrmWDsig2uo8omki0tqb SQxJhnqUt08cReJbSOLytINCFDxqKByycPT+42VLmWsYiqTQ199P7V1eb2s2e6LfKnEizZ SxLhQ7pwKf/ljgBta96cMUaThAmizzweA1kJ+5B50wJbQLxg9gjrny/7RXv93w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1662471568; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=TRMXBGRxexI7CTdiO9UVQ1HAVPXpwXmXqa0xBi/HXVI=; b=Q8cvKadl4xuxrACV/A/CW/nNNIL8WxOkOzbW7TaAUUYj7pjoJkCoeBnKW+VNcT/YtfQz6g h4BcGxAYE7UjAOZz9o2pH3uQUT6Tvz0YVEo0oyfRqlq61zLwWMLJlgWcfEz2YnzSWeyC7d KAvRZoLZwDWrBf/7BmUvpum/5UWLiwofBnEgasWJo7yPXFDYBVQtUMLSCeyUzkFoR35/1i qA+vXXJPYH/shoEFwmywxaQReJo4YsximhPLyEftPuN4EITgD3+upPMGy4vYJEJMEOK3pv lJLkiNAZhHbyFi1HSNWHfUgepOg2qRA6i1KVIONXwzMeX3kJiAvrSv2UE9pUUw== ARC-Authentication-Results: i=1; rspamd-686945db84-gn4mw; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Bored-Industry: 17545c373b1c5721_1662471568962_3438858363 X-MC-Loop-Signature: 1662471568962:745590550 X-MC-Ingress-Time: 1662471568962 Received: from pdx1-sub0-mail-a304 (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.121.28.249 (trex/6.7.1); Tue, 06 Sep 2022 13:39:28 +0000 Received: from fedora.redhat.com (bras-vprn-toroon4834w-lp130-16-184-147-84-238.dsl.bell.ca [184.147.84.238]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a304 (Postfix) with ESMTPSA id 4MMRLy50Tmz1l for ; Tue, 6 Sep 2022 06:39:22 -0700 (PDT) From: Siddhesh Poyarekar To: libc-alpha@sourceware.org Subject: [committed] Add NEWS entry for CVE-2022-39046 Date: Tue, 6 Sep 2022 09:39:16 -0400 Message-Id: <20220906133916.637558-1-siddhesh@sourceware.org> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1173.1 required=5.0 tests=BAYES_00,GIT_PATCH_0,KAM_DMARC_NONE,KAM_DMARC_STATUS,KAM_NUMSUBJECT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_SOFTFAIL,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --- NEWS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index f9bef48a8f..ef274d1a42 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,10 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2022-39046: When the syslog function is passed a crafted input + string larger than 1024 bytes, it reads uninitialized memory from the + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. The following bugs are resolved with this release: -- 2.37.2