[PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

* [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
@ 2021-01-29 16:41 Florian Weimer
  2021-01-29 16:54 ` Adhemerval Zanella
  2021-01-29 17:12 ` Dmitry V. Levin
  0 siblings, 2 replies; 5+ messages in thread
From: Florian Weimer @ 2021-01-29 16:41 UTC (permalink / raw)
  To: libc-alpha

---
v2: fix the typos Paul Zimmermann reported

 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 6521a4f5b7..0d589f9f6e 100644
--- a/NEWS
+++ b/NEWS
@@ -102,6 +102,12 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
+  CVE-2021-3326: An assertion failure during conversion from the
+  qISO-20220-JP-3 character set using the iconv function has been fixed.
+  This assertion was triggered by certain valid inputs in which the
+  converted output contains a combined sequence of two wide characters
+  crossing a buffer boundary.  Reported by Tavis Ormandy.
+
   CVE-2020-27618: An infinite loop has been fixed in the iconv program when
   invoked with input containing redundant shift sequences in the IBM1364,
   IBM1371, IBM1388, IBM1390, or IBM1399 character sets.

-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
  2021-01-29 16:41 [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Florian Weimer
@ 2021-01-29 16:54 ` Adhemerval Zanella
  2021-01-29 17:12 ` Dmitry V. Levin
  1 sibling, 0 replies; 5+ messages in thread
From: Adhemerval Zanella @ 2021-01-29 16:54 UTC (permalink / raw)
  To: libc-alpha

Ok for 2.33.

On 29/01/2021 13:41, Florian Weimer via Libc-alpha wrote:
> ---
> v2: fix the typos Paul Zimmermann reported
> 
>  NEWS | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/NEWS b/NEWS
> index 6521a4f5b7..0d589f9f6e 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -102,6 +102,12 @@ Changes to build and runtime requirements:
>  
>  Security related changes:
>  
> +  CVE-2021-3326: An assertion failure during conversion from the
> +  qISO-20220-JP-3 character set using the iconv function has been fixed.
> +  This assertion was triggered by certain valid inputs in which the
> +  converted output contains a combined sequence of two wide characters
> +  crossing a buffer boundary.  Reported by Tavis Ormandy.
> +
>    CVE-2020-27618: An infinite loop has been fixed in the iconv program when
>    invoked with input containing redundant shift sequences in the IBM1364,
>    IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
  2021-01-29 16:41 [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Florian Weimer
  2021-01-29 16:54 ` Adhemerval Zanella
@ 2021-01-29 17:12 ` Dmitry V. Levin
  2021-01-29 18:00   ` Florian Weimer
  1 sibling, 1 reply; 5+ messages in thread
From: Dmitry V. Levin @ 2021-01-29 17:12 UTC (permalink / raw)
  To: Florian Weimer; +Cc: libc-alpha

On Fri, Jan 29, 2021 at 05:41:13PM +0100, Florian Weimer via Libc-alpha wrote:
> ---
> v2: fix the typos Paul Zimmermann reported
> 
>  NEWS | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/NEWS b/NEWS
> index 6521a4f5b7..0d589f9f6e 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -102,6 +102,12 @@ Changes to build and runtime requirements:
>  
>  Security related changes:
>  
> +  CVE-2021-3326: An assertion failure during conversion from the
> +  qISO-20220-JP-3 character set using the iconv function has been fixed.

I'm not sure about "q" in "qISO-20220-JP-3".


-- 
ldv

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
  2021-01-29 17:12 ` Dmitry V. Levin
@ 2021-01-29 18:00   ` Florian Weimer
  2021-01-29 18:05     ` Adhemerval Zanella
  0 siblings, 1 reply; 5+ messages in thread
From: Florian Weimer @ 2021-01-29 18:00 UTC (permalink / raw)
  To: Adhemerval Zanella; +Cc: Dmitry V. Levin, libc-alpha

* Dmitry V. Levin:

> On Fri, Jan 29, 2021 at 05:41:13PM +0100, Florian Weimer via Libc-alpha wrote:
>> ---
>> v2: fix the typos Paul Zimmermann reported
>> 
>>  NEWS | 6 ++++++
>>  1 file changed, 6 insertions(+)
>> 
>> diff --git a/NEWS b/NEWS
>> index 6521a4f5b7..0d589f9f6e 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -102,6 +102,12 @@ Changes to build and runtime requirements:
>>  
>>  Security related changes:
>>  
>> +  CVE-2021-3326: An assertion failure during conversion from the
>> +  qISO-20220-JP-3 character set using the iconv function has been fixed.
>
> I'm not sure about "q" in "qISO-20220-JP-3".

Ugh, thanks for spotting this, Dmitry.

Adhemerval, is it okay if I push a patch to remove that “q”?

Thanks,
Florian
-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
  2021-01-29 18:00   ` Florian Weimer
@ 2021-01-29 18:05     ` Adhemerval Zanella
  0 siblings, 0 replies; 5+ messages in thread
From: Adhemerval Zanella @ 2021-01-29 18:05 UTC (permalink / raw)
  To: Florian Weimer; +Cc: Dmitry V. Levin, libc-alpha



On 29/01/2021 15:00, Florian Weimer wrote:
> * Dmitry V. Levin:
> 
>> On Fri, Jan 29, 2021 at 05:41:13PM +0100, Florian Weimer via Libc-alpha wrote:
>>> ---
>>> v2: fix the typos Paul Zimmermann reported
>>>
>>>  NEWS | 6 ++++++
>>>  1 file changed, 6 insertions(+)
>>>
>>> diff --git a/NEWS b/NEWS
>>> index 6521a4f5b7..0d589f9f6e 100644
>>> --- a/NEWS
>>> +++ b/NEWS
>>> @@ -102,6 +102,12 @@ Changes to build and runtime requirements:
>>>  
>>>  Security related changes:
>>>  
>>> +  CVE-2021-3326: An assertion failure during conversion from the
>>> +  qISO-20220-JP-3 character set using the iconv function has been fixed.
>>
>> I'm not sure about "q" in "qISO-20220-JP-3".
> 
> Ugh, thanks for spotting this, Dmitry.
> 
> Adhemerval, is it okay if I push a patch to remove that “q”?
Ok.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-01-29 18:05 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-29 16:41 [PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Florian Weimer
2021-01-29 16:54 ` Adhemerval Zanella
2021-01-29 17:12 ` Dmitry V. Levin
2021-01-29 18:00   ` Florian Weimer
2021-01-29 18:05     ` Adhemerval Zanella

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).