From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Ijiu=MF=redhat.com=carlos@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by sourceware.org (Postfix) with ESMTPS id CEA4C3858D20
	for <libc-alpha@sourceware.org>; Thu,  2 May 2024 20:15:52 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CEA4C3858D20
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CEA4C3858D20
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1714680954; cv=none;
	b=McfQepzubP2UY5KhtwHorSWBRhapxDDs9iYuVlzRawsniEYs3MI+ztEOe82OMzSxvpFPEQCsiP8HOY6N63pAKrFOxDDjQOwQLoKFqtpjygGbG29iSWEBZcEPeB4OMAsnZAhBP6bORuy5kA4/MYFqrONkA4UrKK0wlH2gutp0fng=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1714680954; c=relaxed/simple;
	bh=nml033UWUZzeIXwaOKuFzjS6O/hhWpx8bNqHTH4JGGc=;
	h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=Ra8fPVqx9inBmZAEoufPk6PTDJA9JBYALrYvhjfWxyJIXohaDduTgac7JCzlXRh6y0+aztghbZeXiidGQAGJCjy44AJ9320hpC2481BimTC1kQ+5zNDFx3zkId5pN/Hh24Dd3a7PD73/b/FtKB45hxqJX7g7xwFQAzt8Y/avGa0=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1714680951;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=z8KHMVlkxsygmoDkNqI0js0eCynXsMZT+LnQHTf1c+8=;
	b=fPTFPGAPhPg1URmzX/erxxcwzbB9I9LWeWmuW1y17EarG77jYHghlwvwQrcDRUM3mIrtGW
	5vCSUlofJ0Pw7Q2ZyyGYj9H9pklLqNyCDBdBGl9PWr6WgIWt/AWMQMshh/sGggNnOxjXCY
	IwnzNpDhiMfJ/1gHeY/ZRnBxVXdIlTo=
Received: from mail-oi1-f200.google.com (mail-oi1-f200.google.com
 [209.85.167.200]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-453-ox3WIvr7MpicT1wjz9xsHg-1; Thu, 02 May 2024 16:14:34 -0400
X-MC-Unique: ox3WIvr7MpicT1wjz9xsHg-1
Received: by mail-oi1-f200.google.com with SMTP id 5614622812f47-3c7171db6ccso9530651b6e.2
        for <libc-alpha@sourceware.org>; Thu, 02 May 2024 13:14:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1714680873; x=1715285673;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=z8KHMVlkxsygmoDkNqI0js0eCynXsMZT+LnQHTf1c+8=;
        b=YZOxEv5hlhr+ATlH1VKmqpu/A6rEWSbYpbbqkcx+pQcFykPQPyd4Wn5FlwWVFWOmVA
         jvz7BoIj4cdHc+42UoNDYMUCBvU13QBp9/2pHSF+FAoBR3SSr9dvmKfu59fguL+n6Wwo
         WuhQiFeDMkZmWciWDQiftbBRwz6ie6t1sP/k3g6E+MamJFpzqpIn3gP7ACQGaej7a+Ul
         5eILjynVOWUZ0lhLoiqmSqCiIENvDB5TzIgDE1gFDDakdI/MuKb9FqLrtRD11N9uxuxT
         LfpjJ/xPjRR1QpR88TyYhcZV1I/+PLYdf+OsIImaQUQ254i2IiqHOqflsz+Z/Gja0rwz
         8A5w==
X-Gm-Message-State: AOJu0YxfKydpHl8gtmMH/npJo8XZK8+6FyvOgLt/XBNVi6PD6KTnofhO
	cxBUNgYfMqoPtogYWMzlGAazRU7U6Gknz2ViI39AaHjghsntkFubR81l19Z918vh0HVLzdBkbqL
	0qRNUmaMzvpDKaEr+zw23bzy0W7pEC2b7sl/sPZCqjDmaew82HrPiipfGkTB4+EzfnaHy15YXuX
	X8SsWOu5yOUeNfwn3wjFHKhEwGGtX5qIolqt8YK8E=
X-Received: by 2002:a05:6808:d6:b0:3c5:f851:d09b with SMTP id t22-20020a05680800d600b003c5f851d09bmr1101905oic.29.1714680872874;
        Thu, 02 May 2024 13:14:32 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHJCmWf/lhjIbw6CMpQlUpspEheOoVNIL2hoD1/eVnIumzMk8pnHTsgQ8Qi5ejvad8aZRfB/Q==
X-Received: by 2002:a05:6808:d6:b0:3c5:f851:d09b with SMTP id t22-20020a05680800d600b003c5f851d09bmr1101878oic.29.1714680872417;
        Thu, 02 May 2024 13:14:32 -0700 (PDT)
Received: from athas.redhat.com ([198.48.244.52])
        by smtp.gmail.com with ESMTPSA id t10-20020a0cef0a000000b006a0f7d872ccsm611535qvr.59.2024.05.02.13.14.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 02 May 2024 13:14:31 -0700 (PDT)
From: Carlos O'Donell <carlos@redhat.com>
To: libc-alpha@sourceware.org,
	Adhemerval Zanella <adhemerval.zanella@linaro.org>,
	Siddhesh Poyarekar <siddhesh@redhat.com>
Cc: Carlos O'Donell <carlos@redhat.com>,
	Siddhesh Poyarekar <siddhesh@sourceware.org>
Subject: [PATCH v2 2/2] NEWS: Add advisories.
Date: Thu,  2 May 2024 16:08:08 -0400
Message-ID: <20240502201423.3413078-2-carlos@redhat.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240502201423.3413078-1-carlos@redhat.com>
References: <20240502201423.3413078-1-carlos@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

  GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Avoid null pointer crashes after notfound response
    (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 NEWS | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/NEWS b/NEWS
index cf6078cf20..fbec7ec6f2 100644
--- a/NEWS
+++ b/NEWS
@@ -177,6 +177,25 @@ found in the advisories directory of the release tarball:
   GLIBC-SA-2024-0003:
     syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
 
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Avoid null pointer crashes after notfound response
+    (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
-- 
2.44.0