From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id E7D2D3858C78 for ; Thu, 2 May 2024 02:01:36 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E7D2D3858C78 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E7D2D3858C78 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714615298; cv=none; b=IYM+qcvvnwqXqPSOWC4BXN8mV65zFdETPsHzWbQO7ZH0xW6EGU+LCa2pVJZ9btf42ebRk44KrROYYaKz3+CzLI7htrxl7EaL6Nn7NTGPPUy9ZPZIDAIRuRY5mQCheUZ6txSaqCdxkpzW9KRWFihBhG2hC3y0owB6ePctSJchvH8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714615298; c=relaxed/simple; bh=alAHVaJ/XhJdpm0bKkULACc455vZsiaUlzrpIF/K+do=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=OjNSU0YLWE1fAELU7rlzMUfsF/fiDOhLXS+eCNcBo/LeD6eJKARNSMdam3iyIHd64cbfOCclKhEBbREYGhtuLLO3goKtbRqrZT1PpSV8LTUARTlVbGntYCBtaDmjDhOyEx4uWJ1SAC4H2cwd2kGkSKXwEu54JVttH2bgAi3VIOg= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1714615296; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IJZz2RyPCLvmP+br6gO6S1lMmQL5jXSoY4fYltoAzCc=; b=OOVs25al+cTfor89yAsyD4KaxepDIasZHAvmXBN7htgmYKrsbOp5pjZwKnjRzCKZIPykc1 PoCYj1yIP+6tjyUuCB/02TmXigX6jGm0t5yR8C9IjjqmOAjKSXxIVmRQc9BDLJ9s2ejBTn TYpLiT3ktQiJNUARCIYtg69Cr38dpnw= Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com [209.85.222.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-635-8nrhccyCOc2MeO8t8TtknA-1; Wed, 01 May 2024 22:01:35 -0400 X-MC-Unique: 8nrhccyCOc2MeO8t8TtknA-1 Received: by mail-qk1-f198.google.com with SMTP id af79cd13be357-7906ffdf07bso1049226085a.0 for ; Wed, 01 May 2024 19:01:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714615294; x=1715220094; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IJZz2RyPCLvmP+br6gO6S1lMmQL5jXSoY4fYltoAzCc=; b=m1kOWmX6OK8tsPhoeRTRCBsXAsz8CdHptje/usbzeG3g27b0evJ/c6HPPDyjjgxpKc 0r/c/sX+aMO7deaeR2D9g+vm/cKgt2mw5X+Us6BDu9xr/51EAEg9Csi5TjlN/JM1iSPf hVEF8sfAhchrObzjOyXtLdywU1ppIkRrZ9T3nsOUNCvQg2X0JVBok1AnDcepvDtMNqx2 CnJdWiWIwg46C+GVq2kJeV7XgvgbgnqrdRkhBc7SuucZdSq7tWBgQKKt+Bom+QIISNE6 ydAIEtb9oC4CJUAMkZbkRZ/yd6vM+Kjo/cCi9SVa4U9cOWUzVjcV6EYGEIi7pDQCl5FX JxXA== X-Gm-Message-State: AOJu0YysMp7PXnsxmltJF+0GelevDyZWxAD5lM9lj3/AD1ovYjPW+Loe slprXASUCYLqoDQQlIuNUfXKacBTzrPQh2TxaSA9vmVjKCQN/T2uQ34AvjlgYVinv0eca4MoXQd SM7qU73rw+K5Gbvh8F9GBkkRugyi6wmZ3dqg0NYJSZxCL4ALeC985wWewf90RDcwHB/lBa24ZEW z1CRV8pmFS4xU9mD9J5qRsgiwzCqpJsrdJnYAft8w= X-Received: by 2002:ae9:e64a:0:b0:790:e8af:d3fd with SMTP id x10-20020ae9e64a000000b00790e8afd3fdmr877335qkl.75.1714615294444; Wed, 01 May 2024 19:01:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEJeZ9fNMd63qZZy/F5gLXKVEXWBAjPyU+UhEuuJ5Vc45m7XN/58uuGuiLiZbsZW4ibmnPi1w== X-Received: by 2002:ae9:e64a:0:b0:790:e8af:d3fd with SMTP id x10-20020ae9e64a000000b00790e8afd3fdmr877301qkl.75.1714615293985; Wed, 01 May 2024 19:01:33 -0700 (PDT) Received: from athas.redhat.com ([198.48.244.52]) by smtp.gmail.com with ESMTPSA id pa2-20020a05620a830200b0078ede2e9125sm12665938qkn.57.2024.05.01.19.01.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 May 2024 19:01:30 -0700 (PDT) From: Carlos O'Donell To: libc-alpha@sourceware.org, Adhemerval Zanella , Siddhesh Poyarekar Cc: Carlos O'Donell Subject: [PATCH 2/2] NEWS: Add advisories. Date: Wed, 1 May 2024 21:58:50 -0400 Message-ID: <20240502020121.3267018-2-carlos@redhat.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240502020121.3267018-1-carlos@redhat.com> References: <20240502020121.3267018-1-carlos@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: GLIBC-SA-2024-0004: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) GLIBC-SA-2024-0005: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) GLIBC-SA-2024-0006: nscd: Avoid null pointer crashes after notfound response (CVE-2024-33600) GLIBC-SA-2024-0007: nscd: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) GLIBC-SA-2024-0008: nscd: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) --- NEWS | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/NEWS b/NEWS index cf6078cf20..fbec7ec6f2 100644 --- a/NEWS +++ b/NEWS @@ -177,6 +177,25 @@ found in the advisories directory of the release tarball: GLIBC-SA-2024-0003: syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780) + GLIBC-SA-2024-0004: + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape + sequence (CVE-2024-2961) + + GLIBC-SA-2024-0005: + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) + + GLIBC-SA-2024-0006: + nscd: Avoid null pointer crashes after notfound response + (CVE-2024-33600) + + GLIBC-SA-2024-0007: + nscd: netgroup cache may terminate daemon on memory allocation + failure (CVE-2024-33601) + + GLIBC-SA-2024-0008: + nscd: netgroup cache assumes NSS callback uses in-buffer strings + (CVE-2024-33602) + The following bugs are resolved with this release: [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird -- 2.44.0