From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D98733858D39 for ; Mon, 6 May 2024 19:13:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D98733858D39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D98733858D39 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715022839; cv=none; b=h90kZUlOETsPRwY6vOQ6/N+iR8YYGBkMF9xTt/zIhms1pXU7ZI2riRa0i6QKg2cI2mR8spwoL9dZf8RiEeOvxhOzSkZgCC3DDvmtZhbcsjobZl2Cvtp0xHJbdlS92E+muQ3pw94ftAormqIWE3VEQkP7kEnmeEF5QWyyZ6rb5EI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1715022839; c=relaxed/simple; bh=v3jfXTvfmmfgyWyXXEjKKJfZN4YyuD4wQv5M6KUWT6s=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=vo4I8T5OBUWb2UlMk8EvmGjuBeIF3vzj8phsrCINF3dGtplqbllCrY0t05HZ2uN5zKLHMt6t22ebcDZKO2GjJiMlTbHa/ggYeoRUB/fbi2N0diaO1NbXZCgjU1OVXhSlCvjsvJTgjbikxy0rBwXRG5x578hnG4XT5mpr2W7HfJQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1715022837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1h2ZaskKc7ZDgcl7UC9qGt68F5Qr6Bu2mRemtdYu3DI=; b=SQxVRi6E79TnhvnRXoJEmHGbczB6KJj7Kkv7/bcBDmUUFactwi1FuaC8nLoOMMDx2VKoZ3 hRS+uCRZgl+yX4L203z7I08smC64iGU1W7RQeF8WlUg7z6hG5IIFItMiXjJMwzPiCTuD+I zc4FW3Zh//3Wl1SDZKsYAnOndYf6H4s= Received: from mail-yw1-f200.google.com (mail-yw1-f200.google.com [209.85.128.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-219-fTCXGN-zPoauzbsxCngTOA-1; Mon, 06 May 2024 15:13:55 -0400 X-MC-Unique: fTCXGN-zPoauzbsxCngTOA-1 Received: by mail-yw1-f200.google.com with SMTP id 00721157ae682-61c9675ae5aso44330487b3.0 for ; Mon, 06 May 2024 12:13:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715022834; x=1715627634; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1h2ZaskKc7ZDgcl7UC9qGt68F5Qr6Bu2mRemtdYu3DI=; b=Uf3YHSB+kuLVOEpc+eYnsseNAuZxN8yrOJbTSoJmzlRpSHOOYIDzVroE6iCOVIiMO1 dbPfG6HJGltnAk4PIlrf1TgZP01A6RUcGQFtbR/tIAGlv7V3HVgbiHhz8F+KaO3/UA79 aW3jjHSoGIxS67DQ7C3c1fo9HsvuuIuh8sOX/iKKamEtka6RSjSBgLwngPsm8EJG8fHj SvFcS4d46qyryvTPr1H7V71vWPY6hWtx8/a33blcxbnZJ2YZbnhUt1OTPFTsVwNAXr56 5hrbEEK9TaE+IhEWGYjYEQHq4Sxag0SlUndjDs3VpeYP+7+hSE3hYFbiTYDm3dgo5xTR Rz+g== X-Gm-Message-State: AOJu0YwhQRth6eyMelx3SJywhkT5d2Dgv1xuAWLMuG+TmZVHeTREyvXL w3o3ICDDCcLGMRTg3JKH4TzLLrelUtuudmhdAzIAFOF1yWDnKZueLH54fjJ/gnrj4+QADbjB9vK JaojeQ0irt4RTrDloWQHQAku0uHtY5b008uw5utMia2eq7S4qxXbdoRkmHytuHlAGLUm6dZ4VTv UHBU7bSoEGwTWWwbrKGymhUBs4tWBF/HrmOEn5cFY= X-Received: by 2002:a25:b291:0:b0:dcf:3580:8bc3 with SMTP id k17-20020a25b291000000b00dcf35808bc3mr10616793ybj.23.1715022834014; Mon, 06 May 2024 12:13:54 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFWCS8mJdG3B13oApMOvrDRkg1hS/Swb8n2TnRzJKSmuTPZsIvwcJ67YFt2GLlanZjB1NXbPg== X-Received: by 2002:a25:b291:0:b0:dcf:3580:8bc3 with SMTP id k17-20020a25b291000000b00dcf35808bc3mr10616771ybj.23.1715022833483; Mon, 06 May 2024 12:13:53 -0700 (PDT) Received: from athas.redhat.com ([198.48.244.52]) by smtp.gmail.com with ESMTPSA id bs18-20020ac86f12000000b00434ee466ea6sm5423308qtb.22.2024.05.06.12.13.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 May 2024 12:13:52 -0700 (PDT) From: Carlos O'Donell To: libc-alpha@sourceware.org Cc: Carlos O'Donell , Siddhesh Poyarekar Subject: [COMMITTED 2/2] NEWS: Add advisories. Date: Mon, 6 May 2024 15:13:43 -0400 Message-ID: <20240506191349.125994-2-carlos@redhat.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240506191349.125994-1-carlos@redhat.com> References: <20240506191349.125994-1-carlos@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: GLIBC-SA-2024-0004: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) GLIBC-SA-2024-0005: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) GLIBC-SA-2024-0006: nscd: Null pointer crashes after notfound response (CVE-2024-33600) GLIBC-SA-2024-0007: nscd: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) GLIBC-SA-2024-0008: nscd: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) Reviewed-by: Siddhesh Poyarekar --- NEWS | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/NEWS b/NEWS index cf6078cf20..2234021a95 100644 --- a/NEWS +++ b/NEWS @@ -177,6 +177,25 @@ found in the advisories directory of the release tarball: GLIBC-SA-2024-0003: syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780) + GLIBC-SA-2024-0004: + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape + sequence (CVE-2024-2961) + + GLIBC-SA-2024-0005: + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) + + GLIBC-SA-2024-0006: + nscd: Null pointer crashes after notfound response + (CVE-2024-33600) + + GLIBC-SA-2024-0007: + nscd: netgroup cache may terminate daemon on memory allocation + failure (CVE-2024-33601) + + GLIBC-SA-2024-0008: + nscd: netgroup cache assumes NSS callback uses in-buffer strings + (CVE-2024-33602) + The following bugs are resolved with this release: [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird -- 2.44.0